Author |
Topic |
jccorner
Starting Member
20 Posts |
Posted - 2006-08-11 : 10:51:52
|
Just wondering, but I wanted to get people's opinions. When a user visits a login page or registers with a site, is it better to encrypt the password on the application side or in the database itself??

I currently have upgraded to SQL Server 2005 and just figured out how to use encryption in my stored procedures for my passwords but then was wondering if the password is not encrypted from the application to the database, isn't this a security hole??

Thanks for any feedback. |
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
|
jccorner
Starting Member
20 Posts |
Posted - 2006-08-14 : 16:16:07
|
Thanks. Now if I'm considering sensitive data like credit card numbers or social security number, should I encrypt in the app or on the database side?? |
 |
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2006-08-14 : 21:48:06
|
I'd do the encryption in the application.

Client --> Webserver --> Good Encryption --> Stored encrypted value in database

You'll probably want to look at something like the Rijndael encryption that's built into .Net.

Michael

<Yoda>Use the Search page you must. Find the answer you will. Cursors, path to the Dark Side they are. Avoid them, you must. Use Order By NewID() to get a random record you will.</Yoda>

Opinions expressed in this post are not necessarily those of TeleVox Software, inc. All information is provided "AS IS" with no warranties and confers no rights. |
 |
|
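The flow in the post above (encrypt on the web server, store only the encrypted value), as an added example that is not part of the original thread. It uses .NET's `Aes` class (AES is Rijndael with a 128-bit block) in CBC mode with an HMAC-SHA256 integrity tag. Assumptions: .NET 6 or later; `FieldCrypto`, `Protect` and `Unprotect` are hypothetical names; the card number is a constructed sample.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example. Stored value layout (chosen for this example):
// IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes), e.g. in a varbinary column.
public static class FieldCrypto
{
    public static byte[] Protect(string plaintext, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create();   // defaults: CBC mode, PKCS7 padding
        aes.Key = encKey;
        aes.GenerateIV();               // fresh random IV for every value
        using var enc = aes.CreateEncryptor();
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
        byte[] body = aes.IV.Concat(ct).ToArray();
        using var hmac = new HMACSHA256(macKey);
        return body.Concat(hmac.ComputeHash(body)).ToArray();  // encrypt-then-MAC
    }

    public static string Unprotect(byte[] stored, byte[] encKey, byte[] macKey)
    {
        if (stored.Length < 16 + 16 + 32) throw new CryptographicException("value too short");
        byte[] body = stored[..^32];
        byte[] tag = stored[^32..];
        using var hmac = new HMACSHA256(macKey);
        // Verify the tag before decrypting, in constant time.
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(body), tag))
            throw new CryptographicException("integrity check failed");
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = body[..16];
        using var dec = aes.CreateDecryptor();
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
    }

    public static void Main()
    {
        // Random keys for the demo; in practice they come from a key store outside the database.
        byte[] encKey = RandomNumberGenerator.GetBytes(32);
        byte[] macKey = RandomNumberGenerator.GetBytes(32);
        byte[] stored = Protect("4111111111111111", encKey, macKey);  // constructed sample value
        Console.WriteLine(Convert.ToHexString(stored));       // what the database would hold
        Console.WriteLine(Unprotect(stored, encKey, macKey));  // round trip in the application
        stored[20] ^= 1;                                       // simulate a modified row
        try { Unprotect(stored, encKey, macKey); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

With this layout the database and the connection to it only ever see the IV, ciphertext and tag; the keys stay on the application tier.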
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2006-08-14 : 23:07:56
|
If you do server side processing that requires the un-encrypted data, you should choose an encryption/decryption method that is available on both the server and the client.

CODO ERGO SUM |