Quick Security Question..

Old forum URL: forums.lhotka.net/forums/t/1873.aspx


RangerGuy posted on Thursday, November 30, 2006

I have a web form that is going to be taking some sensitive information. When it's submitted via an HTTPS link it's encrypted, but what about once I populate my CSLA objects with it on the server? Will it be secured, or do I need to apply some encryption to the fields that contain the sensitive data to be passed to the db?

ajj3085 replied on Thursday, November 30, 2006

Usually it depends on the data. If you're storing a password, it's probably better to keep it encrypted (hashed actually) in the database. Credit card numbers should probably be encrypted before being sent to the db (because you'll have to unencrypt it later possibly).

Also, how is the web server connected to the db server? If it's over a trusted connection, encryption may be overkill. But if the web server connection to the database server could be publicly visible, you may want to use an encrypted connection to SQL Server. I've personally never set that up, but you should be able to google to find answers on how that is done.

HTH
Andy
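
The distinction drawn in the reply above, a one-way hash for passwords and reversible encryption for card numbers, as an added C# example that is not part of the original thread or of CSLA. It assumes .NET 8; the class and method names, the iteration count and the sample values are made up for illustration, and in a real deployment the key would come from a key store rather than being generated in place.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SensitiveFields   // hypothetical helper, not a CSLA type
{
    const int Iterations = 600_000;   // assumed PBKDF2 work factor; tune for your hardware

    // Password: salted one-way hash. Store salt + hash; the password is never recoverable.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);
        return (salt, hash);
    }

    public static bool VerifyPassword(string attempt, byte[] salt, byte[] storedHash)
    {
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(attempt, salt, Iterations, HashAlgorithmName.SHA256, 32);
        return CryptographicOperations.FixedTimeEquals(hash, storedHash);   // constant-time compare
    }

    // Card number: AES-GCM, reversible with the key. Column value is nonce(12) || tag(16) || ciphertext.
    public static byte[] EncryptField(byte[] key, string plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12);   // fresh nonce for every value
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = new byte[data.Length];
        byte[] tag = new byte[16];
        using var aes = new AesGcm(key, 16);
        aes.Encrypt(nonce, data, cipher, tag);
        byte[] blob = new byte[28 + cipher.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, 12); cipher.CopyTo(blob, 28);
        return blob;
    }

    // Throws a CryptographicException if the stored blob was modified or the key is wrong.
    public static string DecryptField(byte[] key, byte[] blob)
    {
        byte[] plain = new byte[blob.Length - 28];
        using var aes = new AesGcm(key, 16);
        aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), plain);
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        var (salt, hash) = HashPassword("constructed-sample-password");
        Console.WriteLine(VerifyPassword("constructed-sample-password", salt, hash));
        byte[] key = RandomNumberGenerator.GetBytes(32);            // demo only; load from a key store
        byte[] stored = EncryptField(key, "4111111111111111");      // constructed test card number
        Console.WriteLine(DecryptField(key, stored));
    }
}
```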

Copyright (c) Marimer LLC