Friday, September 09, 2005

SQL Server & .Net Encryption

Q: I would like to encrypt credit card numbers and ssn numbers in the SQL database. The data will be submitted to the database from a .NET application and will be retrieved from a .NET application. Is there anything within .NET that can encrypt and decrypt the fields?

A: There is a System.Security.Cryptography class within .Net that supports various forms of encryption. Also, SQL Server 2000 has a built-in Encrypt() function that can be used. In addition, you should consider encrypting the data crossing the wire from the browser to the server, that's where many security attacks occur.

No comments: