I have a SQL Server 2005 Database and I am planning to encrypt some of my columns using PassByPhrase. But these columns have to be displayed in the original form on my ASP.Net web pages and on some Crystal Reports. Now I know that I will have to create a Stored Procedure to decrypt the columns and run this stored procedure every time my classes (which display the data) hit the database. But if I store my passphrase in some stored procedure, then anybody who has access to the database can open the stored procedure and get the value of the pass phrase. Then what's the point of encryption?
So my questions are:
How would I display my Encrypted columns(in their original form) on a ASP webpage or a Crystal Report?
How should I store my Passphrase?
There is no magic bullet. the problem you see is always there when a service has to access data on an user behalf. Encryption is not a substitute for access protection. If you need to display encrypted data then you must present the decryption key. There are only two possibilities:
That's all there is. Anything else is either a variation on the encryption hierarchy theme (eg. storing passwords in ASP.Net config files under protected sections) or plain old snake oil (like embedding passwords in app code).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.