D
David Thielen
Hi;
We are storing usernames & passwords in our portal's database. Is there an
advantage to encrypting the data in the database?
At first I was thinking there is no advantage because the connection string
and the decryption key are both in the Web.Config file (encrypted) and so if
one can be decrypted, the other can too.
But then I was thinking what if person A knows the connection string, person
B knows the decryption key, and person C is the only one who can log in to
the server and places the encrypted Web.Config entries.
Does this make things more secure or just more complicated?
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
We are storing usernames & passwords in our portal's database. Is there an
advantage to encrypting the data in the database?
At first I was thinking there is no advantage because the connection string
and the decryption key are both in the Web.Config file (encrypted) and so if
one can be decrypted, the other can too.
But then I was thinking what if person A knows the connection string, person
B knows the decryption key, and person C is the only one who can log in to
the server and places the encrypted Web.Config entries.
Does this make things more secure or just more complicated?
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm