Anyone have a good idea for encrypting salary data in US $? I have an Access
database with some salary info connected to ASP on our intranet. My manager
is somewhat apprehensive about the level of security currently provided. I'm
using basic authentication (I think that's what it is called). It relies on
NT directory permissions and code to query "AUTH_USER" . Does anyone have a
simple encryption idea that can take US$, 5 digit employee ID, encrypt it
and store it in Access' Currency data type? The database will store the
salary encrypted. When an authorized user hits the ASP it will display
decrypted values. All data maintenance is done with various ASP which must
be able to do the encryption/decryption by vbscript.
thanks
LJB
19  2250 
Where are you going to display this "encrypted" data in a meaningful form?
Once you've encrypted the information, great, now what you need to protect
is the decryption algorithm. Anyone have a good idea for encrypting salary data in US $? I have an
Access database with some salary info connected to ASP on our intranet. My
manager is somewhat apprehensive about the level of security currently provided.
I'm using basic authentication (I think that's what it is called). It relies
on NT directory permissions and code to query "AUTH_USER" . Does anyone have a
simple encryption idea that can take US$, 5 digit employee ID, encrypt it
and store it in Access' Currency data type? The database will store the
salary encrypted. When an authorized user hits the ASP it will display
decrypted values. All data maintenance is done with various ASP which must
be able to do the encryption/decryption by vbscript.
thanks
LJB
"ljb" <.> wrote in message news:ur******** *****@TK2MSFTNG P12.phx.gbl... Anyone have a good idea for encrypting salary data in US $? I have an
Access database with some salary info connected to ASP on our intranet. My
manager is somewhat apprehensive about the level of security currently provided.
I'm using basic authentication (I think that's what it is called). It relies
on NT directory permissions and code to query "AUTH_USER" . Does anyone have a
simple encryption idea that can take US$, 5 digit employee ID, encrypt it
and store it in Access' Currency data type? The database will store the
salary encrypted. When an authorized user hits the ASP it will display
decrypted values. All data maintenance is done with various ASP which must
be able to do the encryption/decryption by vbscript.
thanks
LJB
There are a number of encryption scripts here: http://www.aspin.com/func/search?tre...ncryption&cat=
To improve security there are a number of things you can do, including:
1.If the users accessing this application are using IE then it's better to
use 'Integrated authentication' set under 'directory security' in the
website properties. This will prevent the login details being sent
unencrypted across the network. If they are not running IE then you could
still use basic authentication but do it over SSL.
2.Make sure the server is patched with all the latest security updates.
3.Password protect the database.
4.If those using the application have static IPs then you could restrict
access to the application by IP (in directory security under website
preference).
chopper
Only when an authorized user views the single employee record by ASP will
the data be meaningful.
I realize that protection of the algorithm becomes critical. Since the NT
directories don't allow Anonymous browsing I'm counting on that to protect
the algorithm. I'm not expecting high security just something to hinder
accidental release of the info.
My original request was to store the encrypted data in Access' Currency data
type. Is that easily possible? My goal was to not require a change to the
table. Perhaps storing the data in a string is easier to accomplish.
"Aaron Bertrand - MVP" <aa***@TRASHasp faq.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. .. Where are you going to display this "encrypted" data in a meaningful form?
Once you've encrypted the information, great, now what you need to protect
is the decryption algorithm.
> I realize that protection of the algorithm becomes critical. Since the NT directories don't allow Anonymous browsing I'm counting on that to protect
the algorithm.
Wow, you have a lot of faith. The problem here is that you have an ASP page
which is responsible for decrypting things. So, whether you put that
algorithm right in the ASP page, or in a DLL, there is going to be a vector
for at least using, if not reverse engineering, the algorithm... and trust
me, a determined person within your company is going to get to it. Also,
Access is not the most secure place for this kind of sensitive
information!!!
My original request was to store the encrypted data in Access' Currency
data type. Is that easily possible?
Access doesn't support encryption natively, so what you are going to have to
do is encrypt or encode the data OUTSIDE of the database, and store it in a
VARCHAR column rather than a CURRENCY column. Alternatively, you could use
some other numbering system which is NOT incremental, e.g. $60,000 = 45,
$50,000 = 72, etc. etc. More like a code than encryption. Then, at least,
you could continue to use a numeric-based column.
Thanks for the pointer to some algorithms. Certainly enough there for me to
pick one and get going. Looks like I will probably need to store the
encrypted values as a string.
"ljb" <.> wrote in message news:ec******** ******@TK2MSFTN GP11.phx.gbl... Thanks for the pointer to some algorithms. Certainly enough there for me
to pick one and get going. Looks like I will probably need to store the
encrypted values as a string.
Yes, you'll have to store them as strings as the output from all the
encryption functions are strings.
I agree with every point. This application is not well thought out. I'm new
to this work group and was immediately assigned the task of extending what a
former secretary had developed. Around here they give anyone who wants one a
day long class in Access then send them back to their desk with instructions
to procreate. Soon after they get promoted because they have become "expert"
and someone else is expected to complete and extend the application.
"Aaron Bertrand - MVP" <aa***@TRASHasp faq.com> wrote in message
news:ex******** *****@TK2MSFTNG P10.phx.gbl... I realize that protection of the algorithm becomes critical. Since the
NT directories don't allow Anonymous browsing I'm counting on that to
protect the algorithm.
Wow, you have a lot of faith. The problem here is that you have an ASP
page which is responsible for decrypting things. So, whether you put that
algorithm right in the ASP page, or in a DLL, there is going to be a
vector for at least using, if not reverse engineering, the algorithm... and trust
me, a determined person within your company is going to get to it. Also,
Access is not the most secure place for this kind of sensitive
information!!!
My original request was to store the encrypted data in Access' Currency data type. Is that easily possible?
Access doesn't support encryption natively, so what you are going to have
to do is encrypt or encode the data OUTSIDE of the database, and store it in
a VARCHAR column rather than a CURRENCY column. Alternatively, you could
use some other numbering system which is NOT incremental, e.g. $60,000 = 45,
$50,000 = 72, etc. etc. More like a code than encryption. Then, at
least, you could continue to use a numeric-based column.
> then send them back to their desk with instructions to procreate.
Geez, we can get fired around here for that. :-)
They must have an in-house daycare
"Aaron Bertrand - MVP" <aa***@TRASHasp faq.com> wrote in message
news:uw******** ******@TK2MSFTN GP12.phx.gbl... then send them back to their desk with instructions
to procreate.
Geez, we can get fired around here for that. :-)
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Troll |
last post by:
Hi,
I need to write a script which reads some data and reports the findings.
Just to give you an idea the structure is similar to the following.
Data input example:
HEADING 1
**********
ColumnA ColumnB ColumnC ColumnD ColumnE
|
by: sallyk57 |
last post by:
Help with following Programs:
Write two programs one where the performance rating here shoud be entered as a int where Excellent =1, Good= 2, Poor=3. an employee who is rated excellent will receive a 6% raise, one rated good will receive a 4% raise, and one rated poor will receive a 1.5% raise. Add the if... else... statements to program Salary to make it run as described above.
//...
|
by: kiss07 |
last post by:
Hi friends,
I explain detail
I have two table emp and dept, Emp table three columns(name,salary,age)
and Dept have two columns( name ,and salary).
In first table Emp have data's in all columns, and Dept(table) have data's only in name,not in salary column.Now i fill the salary column in Dept table from
Emp table Salary column wise.
|
by: james121285 |
last post by:
This is to calculate an employees tax and pension.
The salary is input from the keyboard.
The NI contribution is calculated as 6% of the gross salary.
The pension contribution is calculated as 2% of the gross salary.
The income tax is computed progressively after detracting NI and pension contributions. The taxable amount (after detractions) is divided into bands, each taxed at a different rate as follows:
Gross yearly income: Tax rate:...
|
by: zfareed |
last post by:
Is it possible to print an array that is declared from a class type
that also contains private data members?
I have declared an array in the main function and then set the values
for the array thru member functions. Now I need to print the array
from main but the error states that those elements are private. Here
is some of my code:
class Employee
{
private:
| | |
by: sheenaa |
last post by:
Hello Members,
I m creating my application forms in ASP.Net 2005 C# using the backend SQL Server 2005.
What i have used on forms :: ?
On my first form i have used some label,textboxs,dropdownlists,radiobutton and checkbox asp standard controls.
On the click event of the command button the data gets stored into the database.
I have created the stored procedures for the insert,update,delete.
I have...
|
by: mobaligh |
last post by:
I have two tables, tblEmployees and tblEmployeepayment. tblEmployees has the following fields the data to this table comes from our payroll system
EmployeeID
Name
Paygroup
Employeestatus
Annualsalary
tlbEmployeepayment has the following fields which will be entered by the user.
|
by: KevinADC |
last post by:
If you are entirely unfamiliar with using Perl to sort data, read the "Sorting Data with Perl - Part One and Two" articles before reading this article. Beginning Perl coders may find this article uses unfamiliar terms and syntax. Intermediate and advanced Perl coders should find this article useful. The object of the article is to inform the reader, it is not about how to code Perl or how to write good Perl code, but to teach the Schwartzian...
|
by: blehhhhh |
last post by:
hi guys,
So i have this java assignment where I have to create an employee class with given datatypes and have accessor methods in it. Along with that i have to create a text file(data file) with each employee's data on a single line for every detail. then in the main method, I have to create the 2 employee objects and then read all the employee data from the data file to the respective employee objects that's already created. Next i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
