Question : Store Secure Data in Database

I want to store secure data in the database.

I have no idea how to go about that. Let's say there are three pieces of information that I can store along with the user ID in one table,
so four columns I would think.

The ID can be not secured, I guess, and it's needed for lookup.

Now, what is the best way to store the other information, and why?

MS SQL 2005, ASP.NET 2005, Win 2008 + Win 2003

Thanks in advance.

Answer : Store Secure Data in Database

Hi myship,

For the password (if it's in your list of the columns to be secured), I suggest you don't store it at all; rather, store its hash, i.e. create a hash of the password when the user is creating his account or changing a password. The next time a request comes, generate a hash and match it against the hash stored in the DB. This is a standard approach used by many sites.

For other data, you can use a modified version of the code shown here: http://stackoverflow.com/questions/165808/simple-2-way-encryption-for-c

Also, if you have better control over the site, i.e. it's your own server and users are going to be authenticated using Windows Authentication, you can always go for the good old Data Protection API (DPAPI):

http://www.c-sharpcorner.com/UploadFile/mosessaur/dpapiprotecteddataclass01052006142332PM/dpapiprotecteddataclass.aspx

Also, you can use SQL 2008 transparent encryption, which you will have to read about a little before you make a call. Here are the links:

http://msdn.microsoft.com/en-us/library/bb934049.aspx
http://edge.technet.com/Media/580/
http://blogs.msdn.com/b/lcris/archive/2007/10/03/sql-server-2008-transparent-data-encryption-feature-a-quick-overview.aspx

Let me know if you have any questions/concerns.

Regards,
Chinmay

