在ASP .NET 2.0和SQL Server 2005中加密工资值 [英] Encrypting Salary value in ASP .NET 2.0 and SQL Server 2005

问题描述

我有一个连接到SQL Server 2005数据库的ASP .NET 2.0网站。该网站很简单，并存储有关员工的信息，包括工资。

I have an ASP .NET 2.0 website connected to a SQL Server 2005 database. The site is pretty simple and stores information about staff, including salary.

加密工资值的最佳方法是什么，所以没有人（包括我自己）可以看到它是什么，除了授权的员工使用网络应用程序？

What is the best way to encrypt the salary value so no-one (including myself) can ever see what it is, except for the authorised staff using the web-app?

我不想在SQL Server上加密/解密，因为我可以运行SQL Profiler来查看信息，所以我认为加密/解密发生在Web服务器上的BLL？

I don't want to encrypt / decrypt on the SQL Server because I could just run SQL Profiler to view the information, so I assume the encrypt/decrypt happens in the BLL on the web server?

此外，我需要SSL才能阻止有人在浏览器和网络服务器之间嗅探HTTP响应？

Also, do I need SSL to stop someone sniffing HTTP responses between the browser and the web server?

非常感谢！

Anthony

推荐答案

SSL可能是您最好的选择以防止某人嗅探，但请注意仍然可能。

SSL is probably your best bet to keep someone from sniffing, but be aware that it is still possible.

对于另一个位，SQL Server 2005支持开箱即用的表级加密。 这是一篇文章。您可以创建一个链接到员工的SALARY表，并保持该表的加密。

As for the other bit, SQL Server 2005 supports table-level encryption out of the box. Here's an article on it. You could create a SALARY table that is linked to an employee and keep that table encrypted.

这篇关于在ASP .NET 2.0和SQL Server 2005中加密工资值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！