SQL Server 2008和ASP.net登录最佳实践问题 [英] SQL Server 2008 and ASP.net Login Best Practice Question

问题描述

我必须为Web应用程序设置安全性，我们将让域外的用户登录以访问PHI(患者健康信息)数据.我想使用ASP.net登录控件，但对用于存储登录信息的数据库的最佳做法有疑问.

可以在与包含PHI数据的数据库不同的数据库中设置安全性登录数据吗?还是包含安全性数据的表需要驻留在同一数据库中?我们可能还有其他应用程序，需要使用asp.net控件并存储登录信息，我认为最好将所有信息都存储在一个数据库中.

其他人怎么想?关于安全性，您做了什么?是否有任何链接，文章或白皮书讨论保护登录信息安全的最佳做法?

谢谢，
Carolyn

I''m having to set up security for a web application where we will be having users outside of our domain logging in to access PHI (Patient Health Information) data. I would like to use the ASP.net login controls but have a question about best practices for the database for storing the login information.

Can the security login data be set up in a different database from the database containing the PHI data? Or do the tables containing the security data need to reside in the same database? We may have other application that we will need to use the asp.net controls and store the login information and I was thinking it was better to have it all in one database.

What does everyone else think? What have you done when it comes to security? Are there any links, articles, or white papers talking about best practices for securing login information?

Thanks,
Carolyn

推荐答案

Carolyn，

只要使用md5，sha1，sha256等对密码字段进行加密，使用相同的数据库就不会出现问题.

问候，
爱德华

Hi Carolyn,

There is no problem in using the same database as long as you encrypt the password field using md5, sha1, sha256, etc.

Regards,
Eduard

这篇关于SQL Server 2008和ASP.net登录最佳实践问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！