查询数据库中的加密值 [英] Querying encrypted values in database
问题描述
我必须使用SQL Server 2008 ASP.NET Web应用程序。
I have an ASP.NET Web Application using SQL Server 2008.
当一个交code为通过web应用提交的,它被加密,然后将加密的值被发送到数据库,并插入到表
When a post code is submitted through the web application, it is encrypted, and then the encrypted value is sent to the database and inserted into a table.
我现在需要通过搜索后code一样的地方找到从Web应用程序查询这些职位codeS的一种方式:
I now need to find a way of querying these post codes from the web application by searching for parts of the post code like:
SELECT PostCode
FROM Table
WHERE PostCode LIKE @PostCode + '%'
我怎么能做到这一点不存储在数据库中解密功能? (我认为这是坏的安全性?)
How can I do this without storing a decryption function on the database? (Which I believe is bad for security?)
推荐答案
有真的只有两个选择这里。
There are really only two options here.
-
加密你提交你的选择查询的数据。这样,你在比较两个不同的加密值。当然,如果你使用的是盐,这将失败。
Encrypt the data you are submitting to your select query. That way you are comparing two different encrypted values. Of course, this will fail if you are using a salt..
不要将值存储之前进行加密。相反,只是将它保存正常。如果它确实需要加密,使用SQL Server中提供的加密方法自动加密列:的
Don't encrypt the values prior to storage. Instead, just save it normally. If it really does need to be encrypted, use the encryption methods available within SQL Server to automatically encrypt the column: http://msdn.microsoft.com/en-us/library/ms179331.aspx
您加密的目的基本上是为了保护信息休息。 SQL Server可以单独做到这一点。
The purpose of your encryption is basically to protect information "at rest". SQL server can do this by itself.
这篇关于查询数据库中的加密值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
