Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it! 12  3294 
It is not common but it is possible for a Social Security number to change
given time. It should certainly be a way for people to quickly find
individuals however I dont think it it should be a primary key --
As far as encryption goes check out the source code for the forums that are
available at www.webwizguide.com -- there is a very nice encryption system
built into the software that I have used many a time and I cant knock it --
"kimi" <ki*@kimmyXSPAM X.com> wrote in message
news:3f******** *************** @news.frii.net. .. Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
"kimi" <ki*@kimmyXSPAM X.com> wrote in message
news:3f******** *************** @news.frii.net. .. Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Sever. I have
been working with SQL Server, Building ASp WebSites for many years now.
I am by no means an expert - nor have I had ANY formal training. So ebar
with me if my questions seem elementary...
I have some questions regarding sensitive data and encryption.
There is a project that is headed my way were the social security number
is being used as the unique identifier for an account. I have always
used as identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?
#1 How do I go about encrypting the number to store in the DB. Is this
done within SQL Server? Or before the data is inserted?
#2 Is it possible to use an encrypted field as a unique identifier?
My gut tells me to use the identity column , encrypt the SSN and not use
it as any part of an identifier.
Thank You for your Help.. Happy New Year!
Please Reply to the Newsgroup.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
1. There is no built-in encryption mechanism in MSSQL, but there are a
number of third-party products available: http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Alternatively, use the Windows CrpytoAPI from your front end application to
encrpyt/decrypt as you access the data, so the database only ever stores the
encrypted value.
2. Any column which has guaranteed unique values could be a key, but your
encryption solution might produce something unsuitable, such as a very long
value which would be awkward to work with.
Personally, I would go with your proposed solution, and avoid the SSN as a
key. For example, if your solution ever goes international, then basing
everything on an SSN will suddenly become an issue. An artificial key of
some sort is a useful solution. But ultimately you have to decide based on
your requirements.
Simon
>As far as encryption goes check out the source code for >the forums
that are available at www.webwizguide.com -- there is a very nice >encryption
systembuilt into the software that I have used many a time and I >cant knock
it --
Thank you for the link above. I will check this out first chance I get.
I am somewhat familiar with this forum. Thanks.
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
>but there are a number of third-party products available: http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Have you used any of the third party software to encrypt?
Alternativel y, use the Windows CrpytoAPI from your front >end
application toencrpyt/decrypt as you access the data, so the database >only ever
stores theencrypted value.
Well this is what I want - but this brings up antoher concern. If the
value stored is encrypted - Would this mean I could never search by SSN?
Personally, I would go with your proposed solution, and >avoid the SSN
as akey. For example, if your solution ever goes >internationa l, then
basingeverything on an SSN will suddenly become an issue. An >artificial key
ofsome sort is a useful solution. But ultimately you have to >decide
based on your requirements.
I agree - I think I am going to push for this - and your point about
international possibilities will be my defense.
Thank you for your help.
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nah it just means you would have to decript the SSN field as part of the
where clause -- probably not that fast as this would lead to indexes being
thrown off but hey --
What I am not quite sure of is why the SSN has to be encrypted in the first
place? Unless somebody is going to have access to the server that should
not I just dont get it -- maybe I am not as cautious as some however
"kimi" <ki*@kimmyXSPAM X.com> wrote in message
news:3f******** *************** @news.frii.net. .. but there are a number of third-party products available:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Have you used any of the third party software to encrypt?
Alternativel y, use the Windows CrpytoAPI from your front >end
application toencrpyt/decrypt as you access the data, so the database >only ever
stores theencrypted value.
Well this is what I want - but this brings up antoher concern. If the
value stored is encrypted - Would this mean I could never search by SSN?
Personally, I would go with your proposed solution, and >avoid the SSN
as akey. For example, if your solution ever goes >internationa l, then
basingeverything on an SSN will suddenly become an issue. An >artificial key
ofsome sort is a useful solution. But ultimately you have to >decide
based on your requirements.
I agree - I think I am going to push for this - and your point about
international possibilities will be my defense.
Thank you for your help.
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
because customers are more willing to give you their SSN if they know that
it is secure.
"J00 Moo" <no************ ************@ho tmail.com> wrote in message
news:bt******** ****@ID-68406.news.uni-berlin.de... Nah it just means you would have to decript the SSN field as part of the
where clause -- probably not that fast as this would lead to indexes being
thrown off but hey --
What I am not quite sure of is why the SSN has to be encrypted in the
first place? Unless somebody is going to have access to the server that should
not I just dont get it -- maybe I am not as cautious as some however
"kimi" <ki*@kimmyXSPAM X.com> wrote in message
news:3f******** *************** @news.frii.net. ..but there are a number of third-party products available:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Have you used any of the third party software to encrypt?
Alternativel y, use the Windows CrpytoAPI from your front >end
application toencrpyt/decrypt as you access the data, so the database >only ever
stores theencrypted value.
Well this is what I want - but this brings up antoher concern. If the
value stored is encrypted - Would this mean I could never search by SSN?
Personally, I would go with your proposed solution, and >avoid the SSN
as akey. For example, if your solution ever goes >internationa l, then
basingeverything on an SSN will suddenly become an issue. An >artificial key
ofsome sort is a useful solution. But ultimately you have to >decide
based on your requirements.
I agree - I think I am going to push for this - and your point about
international possibilities will be my defense.
Thank you for your help.
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
kimi (ki*@kimmyXSPAM X.com) writes: Well this is what I want - but this brings up antoher concern. If the
value stored is encrypted - Would this mean I could never search by SSN?
Searching for a single value should not be much of a problem. You encrypt
the input and then look up the encrypted value. Of course, you must use
an encryption method which always gives the same encrypted value for the
same input.
Search for a range, like all SSN that start on 500 would be more
problematic.
Going back to your original post:What would be the pros and cons of using the SSN as a unique identifier?
The pro would be that you would get a tap on your shoulder by Joe Celko.
But as noted by others, SSN is a typical example of something that looks
like a natural key, but when you look closer to it, does not live up to
the strict requirements for a primary key in a relational database. A
fact which is true many natural look-a-like keys.
--
Erland Sommarskog, SQL Server MVP, so****@algonet. se
Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp
>But as noted by others, SSN is a typical example of >something that
looks like a natural key, but when you look >closer to it, does not live
up to the strict requirements >for a primary key in a relational
database. A fact which is true many natural look-a-like keys.
Would you consider a phone number to be a good choice for a primary key?
As I understand the data that is to be stored right now.
The only options I have are ssn, phone number, or identity column.
I am so leaning toward the identity.
Thank you for your replies
Please Reply to the Newsgroups..
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Upon further ingestion of coffee I realize that a phone number as a
primary key would be a BAD Move...
I am sticking with the identity column - i see it as my only option
right now.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: steve |
last post by:
Hi,
I know there are a few free and paid php source code encryption
scripts around. Has anyone used one, and any feedback?
I am interested in encrypting source that is placed on a remote host.
--
Posted using the http://www.dbForumz.com/ interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-Obfuscating-Encrypting-ftopict187987.html
|
by: Brian P. Hammer |
last post by:
All - I have an app that saves data to a xml file via a dataset. Our company stores some data in various xml files that is now considered a risk under its security policy. What's the best way to encrypt and decrypt the data in the file.
I use a dataset to load data to my forms and commit changes to the dataset and then write it to the xml file.
Thanks,
Brian
|
by: hellrazor |
last post by:
Hi there,
We want to be able to encrypt the user ID and password within a URL, so
when we send the URL via email, they'll be able to click said URL, and the
aspx page should be able to decode it and authenticate it.
I'm thinking the url would look something like this:
http://localhost/login.aspx?id=af3awfalj3o3i3ok0890
|
by: Andy G |
last post by:
If users forget there passwords I want to send a link to them through email
so they can click on a link and go to a change password page. eBay does
this by sending you a url that looks something like,
http://sigin.ebay.com/aw-cgi/pass/$1$69912$1XasURRhQFdYhulVSnJqt. I want to
a send a url with ?userID=228 tacked on the end. Instead of the 228 being
in clear text I want to encrypt it somehow and then user
Request.QueryString("userID") to...
|
by: Richard L Rosenheim |
last post by:
Anyone care to express their two cents over pros and cons of encrypting the
data being transmitted (within the SOAP package) versus just utilizing a
HTTPS connection?
Richard Rosenheim
| | |
by: Chris Newby |
last post by:
I'm looking for a way to transparently encrypt cookie data using Asp.Net
1.1.
Ideally, developers could still do things like:
HttpCookie cookie = new HttpCookie( "clearTextKey", "clearTextValue" );
Response.Cookies.Add( cookie );
and ...
|
by: Parrot |
last post by:
I cannot get an answer as to why my session state no longer remains active
between webpages after working for 2 years. So I want to try to pass data
thru query strings in my url. I tried to use SecureString to encrypt the
sensitive data but cannot figure out how to encrpyt data using this method
from the documentation. Does anyone have an example of how to encrpyt data
when passing data with a url in a Redirect to another webpage using C#...
|
by: SeeSharp Bint |
last post by:
Visual Studio 2005, dotnet, c#. Microsoft SQL Server. Windows XP forms
application.
Temporarily, for my database application, I have been storing the various
elements of database connection items like datasource,password,userid as
plain strings in the registry.
I'd now like to make these secure against people reading them.
I thought of encrypting/decrypting each string when i write to the registry
but I wouldnt know where to find a...
|
by: Tery |
last post by:
I'm trying to implement the Handango.com HTTP POST registration method. The
instructions are here:
http://www.handango.com/marketing/developerTeam/HTTP_Post_Reg_Model_How2.doc
I'm stuck on how to encrypt a value using the public key in the Handango
certificate.
Does anyone have any suggestions or sample asp.net code on how to implement
this?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
