Encrypting data within the DB

Hello,
I am running Microsoft SQL Server 2000 on a Windows 2000 Server. I have
been working with SQL Server, building ASP websites for many years now.
I am by no means an expert - nor have I had ANY formal training. So bear
with me if my questions seem elementary...

I have some questions regarding sensitive data and encryption.

There is a project that is headed my way where the social security number
is being used as the unique identifier for an account. I have always
used an identity column as a unique identifier. What would be the pros
and cons of using the SSN as a unique identifier?

#1 How do I go about encrypting the number to store in the DB? Is this
done within SQL Server? Or before the data is inserted?

#2 Is it possible to use an encrypted field as a unique identifier?

My gut tells me to use the identity column, encrypt the SSN and not use
it as any part of an identifier.

Thank You for your Help.. Happy New Year!

Please Reply to the Newsgroup.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 20 '05

"kimi" <ki*@kimmyXSPAM X.com> wrote in message
news:3f******** *************** @news.frii.net. ..
Upon further ingestion of coffee I realize that a phone number as a
primary key would be a BAD Move...

I am sticking with the identity column - I see it as my only option
right now.




The identity column is probably the best approach. The fundamental issue as
I see it is that there is no such thing as a natural key for human beings,
or at least no key that is practical in relational database terms. In some
specific contexts, it might be possible to use something like an email
address, but even then a surrogate key might be required purely for
performance.

You could try to make a composite key out of numerous fields (names, phone
numbers, addresses etc), but it would be completely impractical, even if you
could be sure that everyone in your database will always have an email
address and a phone. I suppose you might theoretically be able to produce a
unique hash value from someone's DNA, but even if it could be made small
enough to work in a practical implementation, you'd still have a problem
when you get your first set of identical twin customers/employees/whatever.

SSNs, passport numbers, employee IDs etc. are essentially artificial keys at
the end of the day, so there's no reason to be reluctant to use one
yourself, at least in my view.

Simon
Jul 20 '05 #11
>> The only options I have are ssn, phone number, or identity column. <<

Go down the list and ask yourself which of the three can be verified
in the reality you are modeling. I can call someone and ask for his
phone number. I can call the government and verify his SSN. IDENTITY
by definition is never a key -- just put the same data into the table
1000 times on a table that uses such a pseudo-key and trash your data
integrity.

What is the nature of the application? Do you require the phone
number or can someone qualify for membership in the set without one?
Probably. Do you require the SSN or can someone qualify for membership
without one? Probably not. If I hire a foreign national, I have to
get a tax number for him in a business environment. So you allow
sloppy SSNs only if you want to go to jail under INS, IRS and Homeland
Security laws. You not only have to have it on file as a matter of
law, you have to verify it as a matter of law.

The bad news is that simple verification is a pain with SSN. Buy a
package or find some freeware to save yourself the pain.
Jul 20 '05 #12
Joe,
I can call someone and ask for his phone number.


And don't forget to ask "Is this the party to whom I am speaking?"
Linda

Jul 20 '05 #13
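
The trade-off argued in this thread, as an added example that is not part of any post: an identity-only table accepts the same person repeatedly, while an identity column plus a UNIQUE constraint on a keyed hash of the SSN rejects the repeat without making the SSN itself the key. It uses Python's sqlite3 as a stand-in for SQL Server; the table names, `ssn_index`, the key and the sample SSNs are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption); a real key lives outside the database.
INDEX_KEY = b"constructed-demo-key"


def ssn_index(ssn: str) -> str:
    """Deterministic keyed hash (HMAC-SHA256) of the normalized SSN.

    Keyed because the 9-digit SSN space is small enough to enumerate
    against a plain, unkeyed hash.
    """
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return hmac.new(INDEX_KEY, digits.encode(), hashlib.sha256).hexdigest()


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Surrogate key only: nothing ties a row to a real-world person.
    db.execute("CREATE TABLE acct_surrogate_only ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL)")
    # Surrogate key for joins, plus UNIQUE on the keyed hash of the SSN.
    db.execute("CREATE TABLE acct_with_index ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, "
               "ssn_idx TEXT NOT NULL UNIQUE)")
    return db


def insert_all(db, people):
    """Insert every (name, ssn) pair; return the row count of each table."""
    for name, ssn in people:
        db.execute("INSERT INTO acct_surrogate_only (name) VALUES (?)", (name,))
        try:
            db.execute("INSERT INTO acct_with_index (name, ssn_idx) "
                       "VALUES (?, ?)", (name, ssn_index(ssn)))
        except sqlite3.IntegrityError:
            pass  # same SSN entered again: rejected by the UNIQUE constraint
    counts = [db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
              for t in ("acct_surrogate_only", "acct_with_index")]
    return tuple(counts)


# Constructed sample data; the SSNs are made-up values.
PEOPLE = [("Pat Doe", "900-12-3456"), ("Pat Doe", "900123456"),
          ("Sam Roe", "900-65-4321")]

if __name__ == "__main__":
    print(insert_all(make_db(), PEOPLE))
```

The encrypted SSN itself would sit in a separate column; ciphertext from a randomized cipher differs on every encryption of the same SSN, so it cannot carry the UNIQUE constraint the way the deterministic keyed hash does.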
