how to use encryption in a db behind an asp website?

  • winston Smith

    SSCoach

    Points: 19484

    Hi. Lets say i have an asp.net site wtih forms authentication, where the username and password are checked against values stored in a table, all done via https so the password data cant fall into the wrong hands. once the user is authenticate this is my idea:

    each user has a status, stored in the status column of the users table  : Admin or RegularUser.

    if the user status is an Admin, and clicks on something that returns encrypted data, a sproc checks the user has admin status and uses impersonation to impersonate a login that has control to use the encryption key that encrypted the data. so the data is returned unencrypted.

     

    is this a valid way of using encryption via asp.net, or are their security issues?

  • AndrewM-375946

    Right there with Babe

    Points: 717

    type encryption into the search bar, there are many articles that will get you started.

  • winston Smith

    SSCoach

    Points: 19484

    i have done this ages ago,and this is what gave me my current knowledge of encryption. i can encrypt columns and set them to be viewable by only certain logins, however i cant bridge the gap between using this in sql server managment studio and in an asp.net web site.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply