Re: How do I make my database secure?
- From: "Norman Yuan" <NotReal@xxxxxxxxxxx>
- Date: Thu, 17 Nov 2005 12:39:12 -0700
Besides what said in other post, when storing sensitive data, such as credit
card info, you should not store the data in database as clear text. You
should encrypt the data itself before place it into database. And then when
your app reads these data, you decrypt them. So that the data is not
physically readable by anyone other than your app.
"COHENMARVIN" <cohenmarvin@xxxxxxxxxxx> wrote in message
news:1132253676.405124.194210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>I have a sql server database hosted by an ISP. It has credit card
> fields. I want to make the database secure.
> My asp.net pages refer to the database as follows:
> strConnection =
> ConfigurationSettings.AppSettings["ConnectionInformation"];
> Which means they get the connectionstring for the database from a
> web.config file.
> The web.config file has the following tags:
> <appSettings>
> <add key="ConnectionInformation"
> value="Server=sql2k5.earthweb.com;Database=merc_One;uid=usa_hvtest;password=vinyl"
> />
> </appSettings>
> Is there some way to encrypt the connection string? Would it be
> encrypted in the web.config? Could some hacker get at the web.config?
> Are there any other security measures I could take? For instance,
> could the creditcard fields be encrypted in the database?
> Thanks in advance for any pointers.
> -- Marvin
>
.
- Follow-Ups:
- Re: How do I make my database secure?
- From: John Murray
- Re: How do I make my database secure?
- References:
- How do I make my database secure?
- From: COHENMARVIN
- How do I make my database secure?
- Prev by Date: RE: Using a CheckBox in a DataGrid to Update a Bit Type Data Field
- Next by Date: Re: VS.NET 2005 Migration problem
- Previous by thread: Re: How do I make my database secure?
- Next by thread: Re: How do I make my database secure?
- Index(es):
Relevant Pages
|
