加密数据库中的数据 [英] Encrypting data within the DB
问题描述
您好,
我在Windows 2000服务器上运行Microsoft SQL Server 2000。我已经使用SQL Server,建立ASP网站多年了。
我绝不是专家 - 我也没有接受任何正式培训。所以,如果我的问题看起来很简单,请与我联系。
我对敏感数据和加密有一些疑问。
有一个项目是我的方式,社会安全号码
被用作帐户的唯一标识符。我总是将
用作标识列作为唯一标识符。使用SSN作为唯一标识符的优点是什么?
#1如何加密要存储的数字? D B。这是在SQL Server中完成的吗?
?或者在插入数据之前?
#2是否可以使用加密字段作为唯一标识符?
我的直觉告诉我使用标识列,加密SSN而不是使用
它作为标识符的任何部分。
感谢您的帮助..新年快乐!
请回复新闻组。
***通过Developersdex发送 http://www.developersdex.com ***
不要只是参加USENET ......获得奖励为了它!
这种情况并不常见,但社会安全号码可能会更改
给定时间。它肯定应该是人们快速找到b $ b b个人的一种方式,但我不认为它应该是主键 -
至于加密方式查看 www.webwizguide上提供的论坛的源代码。
。 com - 有一个非常好的加密系统
内置于我已经使用过很多次的软件中我无法敲它 -
kimi < ki*@kimmyXSPAMX.com>在消息中写道
新闻:3f *********************** @ news.frii.net ...您好,
我在Windows 2000 Sever上运行Microsoft SQL Server 2000。我已经使用SQL Server,建立ASp网站多年了。
我绝不是专家 - 我也没有接受任何正式培训。如果我的问题看起来很简单,请与我联系
我对敏感数据和加密有一些疑问。
有一个项目是我的头脑方式是社会安全号码
被用作帐户的唯一标识符。我一直将
用作标识列作为唯一标识符。使用SSN作为唯一标识符的优点和缺点是什么?
#1如何加密要存储在数据库中的数字。这是在SQL Server中完成的吗?或者在插入数据之前?
#2是否可以使用加密字段作为唯一标识符?
我的直觉告诉我使用标识列,加密SSN并不使用
它作为标识符的任何部分。
感谢您的帮助..新年快乐!
请回复新闻组。
***通过开发人员指南 http://www.developersdex.com ***
不要只是参加USENET ......获得奖励!
kimi < ki*@kimmyXSPAMX.com>在消息中写道
新闻:3f *********************** @ news.frii.net ...您好,
我在Windows 2000 Sever上运行Microsoft SQL Server 2000。我已经使用SQL Server,建立ASp网站多年了。
我绝不是专家 - 我也没有接受任何正式培训。如果我的问题看起来很简单,请与我联系
我对敏感数据和加密有一些疑问。
有一个项目是我的头脑方式是社会安全号码
被用作帐户的唯一标识符。我一直将
用作标识列作为唯一标识符。使用SSN作为唯一标识符的优点和缺点是什么?
#1如何加密要存储在数据库中的数字。这是在SQL Server中完成的吗?或者在插入数据之前?
#2是否可以使用加密字段作为唯一标识符?
我的直觉告诉我使用标识列,加密SSN并不使用
它作为标识符的任何部分。
感谢您的帮助..新年快乐!
请回复新闻组。
***通过开发人员指南 http://www.developersdex.com ***
不要只是参加USENET ......获得奖励!
1.没有内置加密MSSQL中的机制,但有一些
可用的第三方产品:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
或者,使用您的前端应用程序中的Windows CrpytoAPI
encrpyt / decrypt访问数据,因此数据库只存储
加密值。
2.任何保证唯一值的列都可能是关键,但是
加密解决方案可能会产生一些不合适的东西,例如很长的价值,这对于使用起来很尴尬。
个人,我会选择你提出的解决方案,并避免将SSN作为
键。例如,如果你的解决方案是国际化的,那么基于SSN的所有东西都会突然变成一个问题。某种人工钥匙
是一种有用的解决方案。但最终你必须根据你的要求决定
。
Simon
> As加密程序检查>论坛的源代码
可在 www.webwizguide.com - 有一个非常好的>加密
系统进入我已经使用了很多次的软件而且我无法敲门
it -
感谢上面的链接。我会先得到这个机会。
我对这个论坛有些熟悉。谢谢。
请回复新闻组..
***通过Developersdex发送 http://www.developersdex.com ***
不要只是参加USENET ......获得奖励!
Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don''t just participate in USENET...get rewarded for it!
It is not common but it is possible for a Social Security number to change
given time. It should certainly be a way for people to quickly find
individuals however I dont think it it should be a primary key --
As far as encryption goes check out the source code for the forums that are
available at www.webwizguide.com -- there is a very nice encryption system
built into the software that I have used many a time and I cant knock it --
"kimi" <ki*@kimmyXSPAMX.com> wrote in message
news:3f***********************@news.frii.net...Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don''t just participate in USENET...get rewarded for it!
"kimi" <ki*@kimmyXSPAMX.com> wrote in message
news:3f***********************@news.frii.net...Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don''t just participate in USENET...get rewarded for it!
1. There is no built-in encryption mechanism in MSSQL, but there are a
number of third-party products available:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Alternatively, use the Windows CrpytoAPI from your front end application to
encrpyt/decrypt as you access the data, so the database only ever stores the
encrypted value.
2. Any column which has guaranteed unique values could be a key, but your
encryption solution might produce something unsuitable, such as a very long
value which would be awkward to work with.
Personally, I would go with your proposed solution, and avoid the SSN as a
key. For example, if your solution ever goes international, then basing
everything on an SSN will suddenly become an issue. An artificial key of
some sort is a useful solution. But ultimately you have to decide based on
your requirements.
Simon
>As far as encryption goes check out the source code for >the forums
that areavailable at www.webwizguide.com -- there is a very nice >encryption systembuilt into the software that I have used many a time and I >cant knock
it --
Thank you for the link above. I will check this out first chance I get.
I am somewhat familiar with this forum. Thanks.
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don''t just participate in USENET...get rewarded for it!
这篇关于加密数据库中的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
