堆栈内存溢出
  简体   繁体   English

加密数据以存储在数据库中

[英]Encrypting data for storage in database

 原文  2011-02-07 18:09:47       c#/ .net/ asp.net-mvc/ security/ encryption

问题描述

We have a site, where a user will be saving extremely personal and sensitive data in our database. 我们有一个网站,用户将在我们的数据库中保存极其个人和敏感的数据。

We of course will need to be encrypting this data before it is stored in the database, and using SSL. 我们当然需要在将这些数据存储到数据库之前加密,并使用SSL。 It is an MVC application that will use form authentication. 它是一个使用表单身份验证的MVC应用程序。 what is the best way to ensure that this data is encrypted from the time we save it until the time it is decrypted for display on their personal page. 确保从我们保存数据到解密显示在其个人页面上之前加密此数据的最佳方法是什么。

We need to also ensure that it will be secure from even our developers and dba's working on the app. 我们还需要确保即使是我们的开发人员和dba在应用程序上工作也是安全的。

What is the best way to handle this situation? 处理这种情况的最佳方法是什么?

3 个解决方案

解决方案1
 3  2011-02-07 18:13:39

SQL Server具有一些您可能会看到的内置 加密功能(死链接) 加密功能

解决方案2
 1 已采纳  2011-02-07 18:57:45

There is no way to keep a DBA out of the data unless you used a public key encryption and the end user would have to control this. 除非您使用公钥加密并且最终用户必须控制它,否则无法将DBA保留在数据之外。 If the end user lost their key, they would lose all their data. 如果最终用户丢失了密钥,他们将丢失所有数据。

You could have a separate database where you store the keys and your DBA wouldn't have access to this DB. 您可以拥有一个单独的数据库来存储密钥,而DBA将无法访问此DB。

You would have to have two DBAs, one for the data and one for the keys. 您必须拥有两个DBA,一个用于数据,一个用于密钥。

This is assuming you don't trust your DBAs, but then you shouldn't have hired them. 这假设您不信任您的DBA,但是您不应该雇用它们。

If you trust your DBAs, then you let them have access to both DBs, but require that they have separate accounts so if one account gets compromised, they(hackers) wouldn't have access to everything. 如果您信任您的DBA,那么您让他们可以访问这两个数据库,但要求他们拥有单独的帐户,因此如果一个帐户遭到入侵,他们(黑客)就无法访问所有内容。

Typically, in a well designed system, the DBA/Admins have separate accounts for their personal work and an elevated account for doing work. 通常,在设计良好的系统中,DBA / Admins为其个人工作提供单独的帐户,并为工作提供高级帐户。

I'm assuming the programmers only have access to a test environment. 我假设程序员只能访问测试环境。 If they have access to the production environment, then they will have access to both the keys and the data. 如果他们可以访问生产环境,那么他们将可以访问密钥和数据。

解决方案3
 0  2011-02-07 18:21:36

Every Encryption has a key and the key is ( to get / not to get ) that key :) The best way is to set the key on web.config which you can do without any programming background 每个加密都有一个密钥,密钥是(获取/不获取)密钥:)最好的方法是在web.config上设置密钥,你可以在没有任何编程背景的情况下完成

And I have seen a beautiful AES Encryption Algorithm implementation at StackOverflow . 在StackOverflow上看到了一个漂亮的AES加密算法实现 I would suggest you use that. 我建议你使用它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在上传到Azure Blob存储之前对图像数据进行加密 - Encrypting image data before uploading to azure blob storage .net加密数据库表 - .net Encrypting Database Tables 使用AES加密数据 - Encrypting data using AES 安全加密数据 - Safely encrypting data 通过加密数据生成MAC - Generating MAC by encrypting data 将数据压缩并加密为块 - Compressing and Encrypting Data Into Blocks 在 .NET 中使用 RSA 加密数据 - Encrypting Data with RSA in .NET 用C#加密数据 - Encrypting data in C# Golang使用AES加密数据 - Golang encrypting data using AES 使用NHibernate加密和解密数据 - Encrypting and decrypting data using NHibernate
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM