How do I make my database secure?

From: "COHENMARVIN" <cohenmarvin@xxxxxxxxxxx>
Date: 17 Nov 2005 10:54:36 -0800

I have a sql server database hosted by an ISP. It has credit card
fields. I want to make the database secure.
My asp.net pages refer to the database as follows:
strConnection =
ConfigurationSettings.AppSettings["ConnectionInformation"];
Which means they get the connectionstring for the database from a
web.config file.
The web.config file has the following tags:
<appSettings>
<add key="ConnectionInformation"
value="Server=sql2k5.earthweb.com;Database=merc_One;uid=usa_hvtest;password=vinyl"
/>
</appSettings>
Is there some way to encrypt the connection string? Would it be
encrypted in the web.config? Could some hacker get at the web.config?
Are there any other security measures I could take? For instance,
could the creditcard fields be encrypted in the database?
Thanks in advance for any pointers.
-- Marvin

.

Follow-Ups:
- Re: How do I make my database secure?
  - From: Norman Yuan
- Re: How do I make my database secure?
  - From: Bruce Barker

Prev by Date: File Upload Without Caching
Next by Date: Re: getting an absolute path
Previous by thread: File Upload Without Caching
Next by thread: Re: How do I make my database secure?
Index(es):
- Date
- Thread

Relevant Pages

Re: Storing Connection String
... you can encrypt the traffic to the SQL Server. ... Hitchhiker's Guide to Visual Studio and SQL Server ... My idea is to have just one database user whose username and password ... Which means that if an user get hold of connection string ...
(microsoft.public.dotnet.framework.adonet)
Re: Multiple key scheme -- Am I gaining anything?
... > I am writing transaction information to a database. ... > I have a file with several thousand psuedo-random characters. ... > key to encrypt the credit card info in that record. ...
(sci.crypt)
Re: Secure Transactions over HTTPS????
... we were doing 80,000 credit card transactions a day. ... Where the weak part is usually, is hackers getting to the database. ... Internet firewall) so that the only access was via VPN to the private ... The VPN was not for the encryption, ...
(Focus-Microsoft)
Re: Form Security & Integration with ASP
... I never store the CID in the database, instead when the CC is stored in the ... >> A truly secure eCommerce web site never stores the full credit card data ...
(microsoft.public.frontpage.client)
Re: How to Passing Data to another Database
... You can set the connection String that you open to be the ... Public cnnProductConversion As ADODB.Connection ... DO NOT GET CAUGHT storing a customers credit card ... However I am going to keep it seperate from my Order Entry Database. ...
(microsoft.public.access.formscoding)