Securing fields

Discussion in 'ASP .Net' started by David Lozzi, Jun 8, 2006.

  1. David Lozzi

    David Lozzi Guest

    Howdy,

    I'm planning on storing credit card numbers in my SQL database for online
    ecommerce. Whats the best scenario to secure the data in SQL? Can I encrypt
    the field so if browsing table data it won't appear? Of course i'm using SSL
    for capturing the data from the website, sending it SQL. the SQL database
    has limited logins and access but I want to protect this information as best
    as I can.

    Thanks,

    --
    D a v i d L o z z i
    Data & Web Technology Specialist
    Delphi Technology Solutions, Inc.
    Wilmington, MA
    dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
     
    David Lozzi, Jun 8, 2006
    #1
    1. Advertising

  2. David Lozzi

    PeterKellner Guest

    On Wed, 7 Jun 2006 23:55:49 -0400, "David Lozzi"
    <> wrote:

    >Howdy,
    >
    >I'm planning on storing credit card numbers in my SQL database for online
    >ecommerce. Whats the best scenario to secure the data in SQL? Can I encrypt
    >the field so if browsing table data it won't appear? Of course i'm using SSL
    >for capturing the data from the website, sending it SQL. the SQL database
    >has limited logins and access but I want to protect this information as best
    >as I can.
    >
    >Thanks,



    Great idea to encrypt it in the server. I wish more companies would
    do this. I'm not sure if you asking whether you should, or how you
    should. If you need help on the how side, the book Pro ASP.NET 2.0
    2.0 in C# 2005 by Apress has a great example of doing exactly what you
    are looking for on page 859. Their source is probably on line also.
    (it's chaper 25)

    good luck
    Peter Kellner
    http://peterkellner.net
     
    PeterKellner, Jun 8, 2006
    #2
    1. Advertising

  3. David Lozzi

    David Lozzi Guest

    Yes, its more of a How than a Should. I'm working on .Net 1.1.

    --
    D a v i d L o z z i
    Data & Web Technology Specialist
    Delphi Technology Solutions, Inc.
    Wilmington, MA
    dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
    "PeterKellner" <> wrote in message
    news:...
    > On Wed, 7 Jun 2006 23:55:49 -0400, "David Lozzi"
    > <> wrote:
    >
    >>Howdy,
    >>
    >>I'm planning on storing credit card numbers in my SQL database for online
    >>ecommerce. Whats the best scenario to secure the data in SQL? Can I
    >>encrypt
    >>the field so if browsing table data it won't appear? Of course i'm using
    >>SSL
    >>for capturing the data from the website, sending it SQL. the SQL database
    >>has limited logins and access but I want to protect this information as
    >>best
    >>as I can.
    >>
    >>Thanks,

    >
    >
    > Great idea to encrypt it in the server. I wish more companies would
    > do this. I'm not sure if you asking whether you should, or how you
    > should. If you need help on the how side, the book Pro ASP.NET 2.0
    > 2.0 in C# 2005 by Apress has a great example of doing exactly what you
    > are looking for on page 859. Their source is probably on line also.
    > (it's chaper 25)
    >
    > good luck
    > Peter Kellner
    > http://peterkellner.net
     
    David Lozzi, Jun 8, 2006
    #3
  4. I would advise not storing credit card numbers in your database at all, that
    way it's impossible for any one to hack in and get them. After the credit
    card number is processed, throw it away.
    If you MUST keep it, definitely encrypt it. SQL Server 2005 has built in
    encryption functions you can use.

    Otherwise you might choose to use some .NET 1.x encryption techniques, such
    as these:
    http://www.aspnetpro.com/NewsletterArticle/2003/10/asp200310kd_l/asp200310kd_l.asp
    http://www.fawcette.com/vsm/2003_01/magazine/columns/gettingstarted/

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net



    "David Lozzi" <> wrote in message
    news:%...
    > Howdy,
    >
    > I'm planning on storing credit card numbers in my SQL database for online
    > ecommerce. Whats the best scenario to secure the data in SQL? Can I
    > encrypt the field so if browsing table data it won't appear? Of course i'm
    > using SSL for capturing the data from the website, sending it SQL. the SQL
    > database has limited logins and access but I want to protect this
    > information as best as I can.
    >
    > Thanks,
    >
    > --
    > D a v i d L o z z i
    > Data & Web Technology Specialist
    > Delphi Technology Solutions, Inc.
    > Wilmington, MA
    > dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
    >
     
    Steve C. Orr [MVP, MCSD], Jun 9, 2006
    #4
  5. David Lozzi

    Guest

    Hope this helps

    http://blogs.msdn.com/lcris/archive/2005/06/10/428178.aspx

    Thanks
    PP


    Steve C. Orr [MVP, MCSD] wrote:
    > I would advise not storing credit card numbers in your database at all, that
    > way it's impossible for any one to hack in and get them. After the credit
    > card number is processed, throw it away.
    > If you MUST keep it, definitely encrypt it. SQL Server 2005 has built in
    > encryption functions you can use.
    >
    > Otherwise you might choose to use some .NET 1.x encryption techniques, such
    > as these:
    > http://www.aspnetpro.com/NewsletterArticle/2003/10/asp200310kd_l/asp200310kd_l.asp
    > http://www.fawcette.com/vsm/2003_01/magazine/columns/gettingstarted/
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://SteveOrr.net
    >
    >
    >
    > "David Lozzi" <> wrote in message
    > news:%...
    > > Howdy,
    > >
    > > I'm planning on storing credit card numbers in my SQL database for online
    > > ecommerce. Whats the best scenario to secure the data in SQL? Can I
    > > encrypt the field so if browsing table data it won't appear? Of course i'm
    > > using SSL for capturing the data from the website, sending it SQL. the SQL
    > > database has limited logins and access but I want to protect this
    > > information as best as I can.
    > >
    > > Thanks,
    > >
    > > --
    > > D a v i d L o z z i
    > > Data & Web Technology Specialist
    > > Delphi Technology Solutions, Inc.
    > > Wilmington, MA
    > > dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com
    > >
     
    , Jun 10, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. call_me_anything
    Replies:
    4
    Views:
    469
    Pete Becker
    Sep 30, 2007
  2. Cyril.Liu
    Replies:
    0
    Views:
    455
    Cyril.Liu
    Dec 2, 2008
  3. middletree

    how to copy from fields to other fields

    middletree, Nov 5, 2003, in forum: ASP General
    Replies:
    1
    Views:
    168
    middletree
    Nov 5, 2003
  4. Replies:
    0
    Views:
    288
  5. AMT2K5
    Replies:
    1
    Views:
    199
    Eric Schwartz
    Nov 8, 2005
Loading...

Share This Page