Database Encryption Or Application Level Encryption?

Oct 23, 2010

When you need to store sensitive data such as CCs or SSNs, do you:1) Build your own encryption routine within the application, define a secret key somewhere in a config file, and then manually encrypt/decrypt data going to the database.2) Push all the problem to the database, using the built in DB capabilities (I think most vendors call it Transparent Database Encryption).What trade-offs have you find for your solution? Does writing your own routine perform poorly when compared to TDE? Is code maintainability, or conversely DB vendor lock-in an issue?

View 3 Replies


Similar Messages:

Security :: Encryption Algorithm - Encryption Of Data Required In The Coding?

Sep 16, 2010

Not sure if I'm posting the question in the right category.

1) I'm working in a project where encryption of data is high priority. Could some one suggest what would be the best encryption method to protect data from being cracked.

I'm using TCP/IP protocol.

2) Is HTTPS totally secured. If I'm using HTTPS, does that mean that there is no encryption of data required in the coding?

View 3 Replies

Security :: Encryption - Application Vs DB?

Jan 4, 2010

I am creating an application that will save financial data.I am in the process of creating an architecture for this application.I am stuck deciding wether to do encryption on the application side or SQL Server side. I am planning to use AESManaged algorithm for this.My requirement is such that the ecnryption key is unique for each user (based on user's password).I am of the opinion that it should be on the application server side as it becomes easily scalable. Another attractive thing that I find is that if my frontend is Silverlight then I can pass on the actual encryption load onto the client system.

View 7 Replies

C# - Encryption And Decryption Key Where To Store And What To Use For .net Application?

Sep 14, 2010

We are designing a .net web application that has an external and internal site.

Both sites need to encrypt data only the internal site needs to decrypt data.

We are wondering what are the best practices for:

Which encryption method to choose?
Where to store the encryption / decryption key?

View 2 Replies

Security :: Database Password Encryption?

Mar 8, 2011

Can anyone help with best practice for storage of database passwords/connectionstrings for ASP.NET applications? Most tutorials suggest storing the connection string (along with the password) in Web.config. I don't like this solution because the connectionstring is visible to anyone working on the application (although I appreciate it is secured from the consumer). You can use aspnet_regiis to encrypt sections of Web.config, but then surely anyone with access to the web server could easily decrypt it anyway. For an enterprise level application what should I be doing?I could store it in Web.config and encrypt with my own key, but then would that offer any advantage over aspnet_regiis, because the key would have to reside on the web server anyway?

View 1 Replies

C# - Encryption Of URL In 3.5?

Dec 2, 2010

How do I encrypt the URL while navigating in asp.net 3.5 ?

View 3 Replies

Security :: No Encryption In URL?

Aug 4, 2010

I am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL

View 4 Replies

Security :: AES 256 Bit Encryption?

Jul 24, 2010

I would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.

View 1 Replies

Asp - AES Encryption And Key Storage?

Jan 10, 2010

A few years ago, when first being introduced to ASP.net and the .NET Framework, I built a very simple online file storage system.This system used Rijndael encryption for storing the files encrypted on the server's hard drive, and an HttpHandler to decrypt and send those files to the client. Being one of my first project with ASP.net and databases, not understanding much about how the whole thing works (as well as falling to the same trap described by Jeff Atwood on this subject), I decided to store freshly generated keys and IVs together with each file entry in the database.

To make things a bit clearer, encryption was only to protect files from direct access to the server, and keys were not generated by user-entered passwords. My question is, assuming I don't want to keep one key for all files, how should I store encryption keys for best security? What is considered best practice? (i.e: On a different server, on a plain-text file, encrypted). Also, what is the initialization vector used for in this type of encryption algorithm? Should it be constant in a system?

View 2 Replies

C# Library Encryption In C# .net

Mar 28, 2011

I was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt and decrypt a series of texts? Do you have to purchase that key? Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?

View 3 Replies

Security :: SSL And Further Encryption?

Dec 16, 2010

If a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?

View 2 Replies

.net - Where To Store Encryption Key

Oct 25, 2010

I am encrypting data (health care industry) using the aes encryption classes in the .net framework. What are some of the recommended locations for safely storing the key? I have it in the web.config for development, but that does not feel production worthy, to say the least.

View 4 Replies

Web Forms :: Url Parameter Encryption?

Aug 4, 2010

I have a URL like this: [URL]How it could encrypt and decrypt the parameters of a URL ?. how to achieve this task

View 5 Replies

Generalized URL Encryption Module?

Jan 27, 2010

I am struct in a bad sitiation. I have developed my whole application and at the end client requested that they want encrypted URLs :(. Now application is in a state where I can not encrypt URL on individual pages.Is there any module through which I can add URL encryption throughout my website without changing the application as application code is 100% verified from Q/A.

View 1 Replies

Security :: Upgraded .Net From 1.1 To 2.0 - MD5 Encryption Is Different?

Mar 19, 2010

I inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.

I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).

I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>

Here is the code that is generating the hash.

MD5CryptoServiceProvider encryptionServiceProvider = new MD5CryptoServiceProvider();

var bytes = ASCIIEncoding.ASCII.GetBytes(inputString);

View 1 Replies

Security :: What Is Two Way Encryption And How Does That Work

Jul 27, 2010

what is two way encryption and how does that work ?

View 2 Replies

Connectionstring Encryption In MVC2 4.0 App?

Nov 16, 2010

I have an MVC2 .NET 4.0 app, hosted on TFS 2008 (soon to be TFS 2010) that uses connection strings in web.config to connect to a database on another server. I need to encrypt these connection strings.

As I understand it, I can use aspnet_regiis.exe to encrypt the connectionstring portion of the web.config file, but I have to do it on the deployment machine because the encryption uses the machine name to generate the encryption key.

Now, it seems to me that this represents a problem - every time I deploy my code to the dev server won't it overwrite the web.config file, and need to be re-encrypted? This sort of manual process seems kludgy.

Is my understanding about needing to re-encrypt after deployment correct? If so, is there some way to automate this process? I don't want to forget this or get a new team member who doesn't know the process and have the connectionstring exposed to the world.

View 1 Replies

Security :: AES / Rijndeal Encryption

Apr 11, 2010

I have a hex string (encrypted)I need to use Rijndael classes with these settings:

Encryption: AES

View 9 Replies

Security :: DES Encryption, (c#) And Mcrypt (php)?

Jun 11, 2010

I have a problem trying to encrypt a string in PHP and also in C# using DES (cbc) encryption. The problem I'm facing is that I'm getting different results using the different languages.In C#:

[Code]....

You can see that they are close...

PHP: HLp51qoFW0rimOTafCVTVQ==
C# : HLp51qoFW0ojU8eGEGkk4w==

But something is going wrong somewhere, I suspect it's a difference between (PHP) pack("H*", '0F26EF560F26EF56') and (C#) StringToBytes.ConvertHex("0F26EF560F26EF56") but I'm really struggling to spot it.

View 1 Replies

Url Or Code Encryption And Description?

Mar 3, 2010

i an sending the url with some inofmation say some thing like this:

"http://localhost:4622/Emp_ResumeResult.aspx?UId=109" now if any one types 110 in place of 109 the infomration of 110 is being displayed so how can i hide this information and how can in encript and decript this issue any url or code.

View 2 Replies

Security :: Encryption Last 4 Digits

Jul 23, 2010

my code:

[Code]....

I have a stored encryption: "dkljas84u238jidasjidoia"When I get in this instance decryption "11111111111111111"show how the combobox "****************** 1111 "Something like: SELECT RIGHT ('11111111111111111 ', 4)

View 5 Replies

C# - JSON Security And Encryption?

Sep 2, 2010

I'm just starting to really get into JSON as a tool for my sites. I was showing my friend how I am calling a WS and returning the data, and he asked me about security of passing JSON data to and from a web service as he saw the data from the "POST" (via Firebug). Many of our public facing sites deal with member information and contain PHI. Can I encrypt the JSON data and then unencrypt it? Is that a good way to go about it to ensure a layer of protection? Or is there another "better/right" way of doing it? Or are his concerns unfounded? Is there an article about how to encrypt or secure the JSON data when needed? Just trying to gather as much knowledge as possible before I go down a path that won't work for the company.

View 4 Replies

.NET Web.config Encryption Failing?

Feb 15, 2011

Here is what I do:

//First delete
aspnet_regiis -pz MyKeyName
//Create the container
aspnet_regiis -pc MyKeyName -exp
//Install the key into a machine-level RSA key provider
aspnet_regiis -pi MyKeyName pathToKeyFile
//Encrypt
aspnet_regiis -pef "connectionStrings" -prov pathToWebConfigFile

//So that's all good so far. If I want I can now decrypt which runs just fine on the same machine:
aspnet_regiis -pdf "connectionStrings"

I now take the Encrypted file and bring it to another machine and instal the same key (got from exporting my key using aspnet_regiis -px "MyKeyName" "C:MyKeyName.xml" -pri).

Now when I run the same decryption command I get an error " Decryption failed... Bad Data..."

View 1 Replies

Security :: Encryption Of ConnectionString?

Sep 18, 2010

My website has to connect to a hosted SQL Server database. The connectiostring, incluing username and password, is stored in the web config file.I have two questions.The first is that everything I read says this must be encrypted so that it cannot be read and used by others. Well, how would that happen. My understanding of ASP.net is that all the work is carried out on the hosted server and the rendered page is then delivered to the user. How would a user be able to view my connectionstring.Secondly, I have used some msdn vb.net code to encrypt the connection string in the web config file. Following on from the first question, how can I confirm that the encryption is intact on the published web.config file.

View 7 Replies

Security :: C# Cryptography Again..With SQL Encryption?

Jan 26, 2010

I am trying to use both .NET Cryptography as well as SQL Symmetric Encryption with Triple DES, if it's possible. I was able to set up a test database with encryption on a single field like so:

[Code]....

I am using this because of SQL Reportas that are being ran and I don't have access to C# development within them. Now to insert the encrypted key what do I use? I found the following code on another post http://forums.asp.net/p/902066/1000988.aspx#1000988:
[Code]....

How do I modify OR what code do I use to Encrypt/Decrypt the SQL Encryption, does the SQL Encryption method need to change..Is it even possible?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved