Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP 3 Classic ASP Active Server Pages 3.0 > Classic ASP Professional
|
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 21st, 2012, 01:36 PM
Registered User
 
Join Date: Sep 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Encryption issues - encrypt, not encrypt, why encrypt and how encrypt?

Hi All

I know what I'm about to put down is probably more theorectical than an pure ASP prob, but I don't know where else to post over this forum of my ilk!! :0)

Basically I've created a classic asp web app that connects to an sql 2008 express db via ssl and even though the whole sys runs on/through ssl I've been told that I should encrypt certain parts of the db's content just in case anybody gets onto my server and hacks into the db.

Now I started to use an old Base64 encryption with a key bit of code that I've had for a bit, but somebody told me that base64 just converts the text into a better transport method rather than actually encrypting it and its easy to hack, but I've put a long key in and it doesn't seem to convert back and forth properly without knowing the key - are they right?? Should I be using something else?

Having started to encrypt certain parts, eg a person's name, dob, etc, it suddenly dawned on me that although I'm encrypting and decrypting as I go if I want to do search queries then it ain't gonna work. For example if I want to find all the people with 'gar' in their name then this isn't going to work and if I want to find all the people who are born between Apr and May then this isn't either.

My second query is, if I've got the dbs on a dedicated server running only one site, loads of password access only and on https do I really need to encrypt db fields as well?? If so, how do I get round these query (and sort order) issues??

Thanks

Laphan
 
Old June 21st, 2012, 06:48 PM
Friend of Wrox
 
Join Date: Jan 2004
Posts: 1,870
Thanks: 12
Thanked 20 Times in 20 Posts
Send a message via AIM to mat41
Default

Im sorry I dont have the answers you are looking for but here is my 2c worth. IMO encrypting information that is sent and the string in the database table you are storing (you are storing the encrypted sting I assume?) other than password is unnecessary especially if you are working on SSL! The security provided by the secure layer should be enough. Unless you a bank or a similar type of organization
__________________
Wind is your friend
Matt





Similar Threads
Thread Thread Starter Forum Replies Last Post
How to encrypt Javascript? Edward King Javascript How-To 6 August 11th, 2011 05:40 AM
Encrypt Data Brendan Bartley Access 2 April 29th, 2008 08:30 AM
Need help password encrypt flyfish SQL Server 2000 9 July 12th, 2005 01:23 PM
About Column Encrypt jabby SQL Server 2000 2 November 30th, 2004 11:57 AM
Encrypt data Ned SQL Server 2000 1 February 4th, 2004 12:08 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.