Securing fields

David Lozzi · Jun 8, 2006

Howdy,

I'm planning on storing credit card numbers in my SQL database for online
ecommerce. Whats the best scenario to secure the data in SQL? Can I encrypt
the field so if browsing table data it won't appear? Of course i'm using SSL
for capturing the data from the website, sending it SQL. the SQL database
has limited logins and access but I want to protect this information as best
as I can.

Thanks,

--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

PeterKellner · Jun 8, 2006

Howdy,

I'm planning on storing credit card numbers in my SQL database for online
ecommerce. Whats the best scenario to secure the data in SQL? Can I encrypt
the field so if browsing table data it won't appear? Of course i'm using SSL
for capturing the data from the website, sending it SQL. the SQL database
has limited logins and access but I want to protect this information as best
as I can.

Thanks,

Great idea to encrypt it in the server. I wish more companies would
do this. I'm not sure if you asking whether you should, or how you
should. If you need help on the how side, the book Pro ASP.NET 2.0
2.0 in C# 2005 by Apress has a great example of doing exactly what you
are looking for on page 859. Their source is probably on line also.
(it's chaper 25)

good luck
Peter Kellner
http://peterkellner.net

David Lozzi · Jun 8, 2006

Yes, its more of a How than a Should. I'm working on .Net 1.1.

--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

Steve C. Orr [MVP, MCSD] · Jun 9, 2006

I would advise not storing credit card numbers in your database at all, that
way it's impossible for any one to hack in and get them. After the credit
card number is processed, throw it away.
If you MUST keep it, definitely encrypt it. SQL Server 2005 has built in
encryption functions you can use.

Otherwise you might choose to use some .NET 1.x encryption techniques, such
as these:
http://www.aspnetpro.com/NewsletterArticle/2003/10/asp200310kd_l/asp200310kd_l.asp
http://www.fawcette.com/vsm/2003_01/magazine/columns/gettingstarted/

prabhupr · Jun 10, 2006

Hope this helps

http://blogs.msdn.com/lcris/archive/2005/06/10/428178.aspx

Thanks
PP

Combine Crystal Reports into one PDF	2	Apr 17, 2006
Parse value from name/value pair string	0	Jun 8, 2006
Select Web Site in Web Setup Project	0	Apr 24, 2006
MSDE on Windows 2000 Pro	3	May 16, 2006
Configuration Errors	0	Jun 8, 2006
Configuration Error...	0	Apr 24, 2006
Available Java, Dot net and SAP SD CRM consultants with us......................	2	Jul 18, 2007
Let me present list of my available const	3	Jul 17, 2007

Securing fields

David Lozzi

PeterKellner

David Lozzi

Steve C. Orr [MVP, MCSD]

prabhupr

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads