Encrypting Data
-
I posted this over on the ASP.NET forums but didn''t hear much of anything. So I guess I'm cross posting.... :) I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#. One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data. I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure) Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-) Thanks!
-
I posted this over on the ASP.NET forums but didn''t hear much of anything. So I guess I'm cross posting.... :) I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#. One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data. I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure) Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-) Thanks!
Kluch wrote: I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't think any T-SQL statements can do that for you , why don't you write a web serice which do that encryption/encryption. It suit this situation. Mazy
"One who dives deep gets the pearls,the burning desire for realization brings the goal nearer." - Babuji -
Kluch wrote: I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't think any T-SQL statements can do that for you , why don't you write a web serice which do that encryption/encryption. It suit this situation. Mazy
"One who dives deep gets the pearls,the burning desire for realization brings the goal nearer." - BabujiMazdak wrote: I don't think any T-SQL statements can do that for you , why don't you write a web serice which do that encryption/encryption. It suit this situation. If it's a web service though would you still be able to tie into it with 3rd party programs (mentioned above) and still have it decrypt the data?
-
Mazdak wrote: I don't think any T-SQL statements can do that for you , why don't you write a web serice which do that encryption/encryption. It suit this situation. If it's a web service though would you still be able to tie into it with 3rd party programs (mentioned above) and still have it decrypt the data?
I don't know exacly what do you mean. Any platform can comunicate with web service. So you do can do your encryption and decryption in the web serivce. I mwan you send request to web service , then it send the request to your database and get encrypted data , you decrypt data in web service and send it back to client. So no problem. I don't know exactly how to communicate from Access to a web service , if you can write VB module there , then you can use Soap ToolKit and do that. Is that clear? Mazy
"One who dives deep gets the pearls,the burning desire for realization brings the goal nearer." - Babuji -
I posted this over on the ASP.NET forums but didn''t hear much of anything. So I guess I'm cross posting.... :) I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#. One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data. I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure) Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-) Thanks!
You can create an extended procedure - basically a C function exported from a dll you write. You can then attach it to MSSQL and use it the same way you would use a stored procedure. Look at : http://www.codeproject.com/database/xp_md5.asp[^] ...cmk Save the whales - collect the whole set
-
I don't know exacly what do you mean. Any platform can comunicate with web service. So you do can do your encryption and decryption in the web serivce. I mwan you send request to web service , then it send the request to your database and get encrypted data , you decrypt data in web service and send it back to client. So no problem. I don't know exactly how to communicate from Access to a web service , if you can write VB module there , then you can use Soap ToolKit and do that. Is that clear? Mazy
"One who dives deep gets the pearls,the burning desire for realization brings the goal nearer." - BabujiThis seems like a good solution. As mentioed I would have to figure out A) How to send a request to the web service (Hopefully this could even just be my select string with some logon info or something) B) What type of Data would be needed to send back to the client (Don't know if it would be easy as just passing a data grid) What would be nuce is my main ASP app could use the same method just to encrypt decrypt the data. It's something to look into. Thanks!
-
This seems like a good solution. As mentioed I would have to figure out A) How to send a request to the web service (Hopefully this could even just be my select string with some logon info or something) B) What type of Data would be needed to send back to the client (Don't know if it would be easy as just passing a data grid) What would be nuce is my main ASP app could use the same method just to encrypt decrypt the data. It's something to look into. Thanks!
Oh , thats a long topic , you can use authentication too in web serive. Chris have introduction article about web service. Web Service is not very comlpicated topic , you send/recieve any datatype. You can use it in the same way in your ASP.NET pages too. I really too lazy to describe all these topics , they are very simple and you can find lots of info about them in books and googling. :-) Mazy
"One who dives deep gets the pearls,the burning desire for realization brings the goal nearer." - Babuji -
I posted this over on the ASP.NET forums but didn''t hear much of anything. So I guess I'm cross posting.... :) I have an application that has stores sensitive data in an SQL server and I am currently handling this through my ASP.NET application using the encryption classes in C#. One of the things we would eventually like to be able to do is use other programs (like Microsoft Access) to run advanced Querys on the tables and retrive the data. With the encyption being done in C#/ASP all that would be returned would be the encrypted data. I wondering if there is a way to build a layer to encrypt/decrypt data at the database level, my searches haven't yeiled to much info (As well as a trip to Borders) as I haven't seen any books that even touch on this. I don't know a lot about SQL right now (Mainly only MySQL so Stored Procs and all that stuff are really new to me) so I don't know if I would go about it this way or not? (Using a stored procedure) Can anyone reccommened where I should start to learn about accomplishing this? Books are usually the best help but I'll take any kind of information that can be thrown my way :-) Thanks!
Hi, I am not sure if I grasped your question completely. But here is my take: I see two options: - Have a windows or web service as a layer or interface between the outside program and your database. Since your database contains sensitive information, probably it is a good idea to allow connections only locally i.e. from your windows or web service. - Second option would be to encrypt the data before you store it in the database. This way you do not have the hassle of encrypting an decrypting data everytime some program accesses it. You encrypt it only one time when you store it in the database and maybe decrypt it on the client side again. Hope that helped. Best, Pankaj Without struggle, there is no progress