i want to encrypt the data. still i am following to do this on ASP.NET Pages. i came to know that we can apply encryption/decryption on data at Backend means on SQL SERVER. I want to know which is the better way. Will i change it to on SQL SERVER or will go with as it is?
我想加密数据。我仍然在用ASP做这个。网络页面。我知道我们可以对SQL SERVER上后端方式的数据应用加密/解密。我想知道哪种方法更好。我是在SQL SERVER上修改它,还是按原样修改?
I have studied This link to study which say only required columns should be encrypt/decrypt, not whole database. So please let me know which is better way from both of them.
我研究了这个链接,研究说只有必需的列应该是加密/解密的,而不是整个数据库。所以请让我知道这两种方法哪个更好。
1 个解决方案
#1
1
The problem I would say is that the data and the key are stored on the SQL Server. That means if a user was able to get some type of administrative access, or with the right privileges you would potentially compromise all your encrypted data.
我要说的问题是数据和密钥存储在SQL服务器上。这意味着,如果用户能够获得某种类型的管理访问,或者拥有正确的权限,您可能会危及所有加密数据。
The other problem is what happens if the database is stolen, and then later on some vulnerability was found with the mechanism that SQL server was using? These things happen such as when the padding oracle bug was found with scriptresource.axd http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html .
另一个问题是,如果数据库被盗,然后用SQL server正在使用的机制找到某个漏洞,会发生什么情况?这些事情会发生,比如当使用scriptresource发现oracle bug时。axd http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html。
#1
1
The problem I would say is that the data and the key are stored on the SQL Server. That means if a user was able to get some type of administrative access, or with the right privileges you would potentially compromise all your encrypted data.
我要说的问题是数据和密钥存储在SQL服务器上。这意味着,如果用户能够获得某种类型的管理访问,或者拥有正确的权限,您可能会危及所有加密数据。
The other problem is what happens if the database is stolen, and then later on some vulnerability was found with the mechanism that SQL server was using? These things happen such as when the padding oracle bug was found with scriptresource.axd http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html .
另一个问题是,如果数据库被盗,然后用SQL server正在使用的机制找到某个漏洞,会发生什么情况?这些事情会发生,比如当使用scriptresource发现oracle bug时。axd http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html。