Re: ADO.NET Update two tables using one SQLCommandBuilder




It's not unreachable. Many security breaches occur from inside the firewall
by employees that have access that outsiders don't. Sure, encrypting
information doesn't mean that a savvy adversary couldn't get it, but there
is virtually 0 cost associated with encrypting it so making it more
difficult to tamper with is practically free.

And more importantly, if you have to change the database or later move to
mixed mode authentication, you can avoid a recompile by moving it to a
configuration file. And if it's already encrypted, then you won't have to
change 1 line of code to accommodate this change. In addition, by obscuring
the name of the db, you could stop someone from easily changing it to an
additional or different server. I know personally of a major US bank where
an intern found a script of part of the db and loaded an Oracle database on
his machine. He went into a VB6 application and changed the settings to
point over to his machine's db and then ran the application like he normally
would - checking all the data that came back and forth. Since multiple
servers were used, he did this one at a time with a few different databases
and found out quite a bit of information from this. Fortunately he was fired
after being discovered - but this is a prime example of something that
couldn't have happened (at least not as easily) if the server info was
encrypted.




"Cor Ligthert [MVP]" <notmyfirstname@xxxxxxxxx> wrote in message
news:%237xGfzpkFHA.2472@xxxxxxxxxxxxxxxxxxxxxxx
> Bill,
>
> Why encrypt something when it is unreachable, that was the sense of my
> question.
>
> It is in a metaphor something as hiring a safe in a quality bank for your
> diamonds and put those then in your own small inferior safe inside that
> safe with a code lock on that.
>
> Cor
>
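
As an added illustration of the approach argued for in this message (not code from the thread or from either poster): a .NET 2.0 sketch that encrypts the `connectionStrings` section of the application's config file with the built-in DPAPI provider and, at startup, refuses to run if the section is no longer encrypted or names an unexpected server. The connection string name `AppDb` and the server names are assumptions.

```csharp
// Added example, not code from the thread. "AppDb" and the server names are assumed.
using System;
using System.Configuration;          // requires a reference to System.Configuration.dll
using System.Data.SqlClient;

static class ProtectedConnectionString
{
    const string Name = "AppDb";     // assumed connection string name
    // Assumed plain host names of the servers this application may talk to.
    static readonly string[] AllowedServers = { "sqlprod01", "sqlprod02" };

    // Run once after deployment: encrypts <connectionStrings> in place with DPAPI.
    public static void Protect()
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.ConnectionStrings;
        if (section.SectionInformation.IsProtected) return;   // already encrypted
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
    }

    // Call at startup. Decryption is transparent, so the checks are the point.
    public static string Load()
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        if (!config.ConnectionStrings.SectionInformation.IsProtected)
            throw new ConfigurationErrorsException("connectionStrings is not encrypted; refusing to start.");

        ConnectionStringSettings settings = config.ConnectionStrings.ConnectionStrings[Name];
        if (settings == null)
            throw new ConfigurationErrorsException("Missing connection string: " + Name);

        // Reject a config file that has been re-pointed at an unexpected server.
        string server = new SqlConnectionStringBuilder(settings.ConnectionString).DataSource;
        if (Array.IndexOf(AllowedServers, server.ToLowerInvariant()) < 0)
            throw new ConfigurationErrorsException("Unexpected database server: " + server);

        return settings.ConnectionString;
    }
}
```

The DPAPI provider ties the ciphertext to the machine it was encrypted on, so `Protect()` has to be run on each machine the application is deployed to.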




