使用C#在SQL Server数据库中存储敏感数据
[英]Storing sensitive data in SQL server db with C#
问题描述
I am working on a Winforms application in C# that will need to access employee SSNs. 
我正在使用C#中的Winforms应用程序来访问员工SSN。 We store the data in a SQL Server database. 我们将数据存储在SQL Server数据库中。 Obviously we can't store the numbers in plaintext in the database. 显然,我们无法将数字以明文形式存储在数据库中。 We need to store them in some sort of encrypted format. 我们需要以某种加密格式存储它们。
What is the best way to go about storing the data in an encrypted way but then allowing my application to decrypt the data? 以加密方式存储数据但允许我的应用程序解密数据的最佳方法是什么?
It is important to note that this is an in house application and no data will be transmitted over the internet. 重要的是要注意,这是一个内部应用程序,没有数据将通过互联网传输。
2 个解决方案
解决方案1
1 2014-08-13 14:57:25
You can try MSDN cryptographic service, http://msdn.microsoft.com/en-us/library/system.security.cryptography%28v=vs.110%29.aspx , for a example: 您可以尝试MSDN加密服务, http : //msdn.microsoft.com/en-us/library/system.security.cryptography%28v=vs.110%29.aspx ,例如:
using System.Security.Cryptography; 使用System.Security.Cryptography;
private string Crypt(string s_Data, bool b_Encrypt)
{
string s_Password = "... your password ...";
byte[] u8_Salt = new byte[] { 0x26, 0x19, 0x81, 0x4E, 0xA0, 0x6D, 0x95, 0x34, 0x26, 0x75, 0x64, 0x05, 0xF6 };
PasswordDeriveBytes i_Pass = new PasswordDeriveBytes(s_Password, u8_Salt);
Rijndael i_Alg = Rijndael.Create();
i_Alg.Key = i_Pass.GetBytes(32);
i_Alg.IV = i_Pass.GetBytes(16);
ICryptoTransform i_Trans = (b_Encrypt) ? i_Alg.CreateEncryptor() : i_Alg.CreateDecryptor();
MemoryStream i_Mem = new MemoryStream();
CryptoStream i_Crypt = new CryptoStream(i_Mem, i_Trans, CryptoStreamMode.Write);
byte[] u8_Data;
if (b_Encrypt) { u8_Data = Encoding.Unicode.GetBytes(s_Data); }
else
{
try { u8_Data = Convert.FromBase64String(s_Data); }
catch { return null; }
}
try
{
i_Crypt.Write(u8_Data, 0, u8_Data.Length);
i_Crypt.Close();
}
catch { return string.Empty; }
if (b_Encrypt) return Convert.ToBase64String(i_Mem.ToArray());
else return Encoding.Unicode.GetString(i_Mem.ToArray());
}
解决方案2
0 2014-08-13 16:11:45
You should probably double encrypt the data especially if you've also got the names in the same data table. 您可能应该对数据进行双重加密,尤其是如果您在同一数据表中也有名称。 The above method will secure the data from a code point of view but if you've got a malicious developer on your staff it'd be easy for them to get the data. 上述方法将从代码的角度保护数据,但如果您的员工中有恶意开发人员,则他们很容易获取数据。
In addition to the solution by user3806621 you should also look at encryption on the SQL server - see this link MSDN article 除了user3806621的解决方案之外,您还应该查看SQL服务器上的加密 - 请参阅此链接MSDN文章
However, you might also have a number of Data Protection issues to deal with depending on your geographical location. 但是,您可能还需要处理许多数据保护问题,具体取决于您的地理位置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.