[RESOLVED]MVC and encrypted data columns…

Let’s say I’ve got a column in my data table — an SSN or some type of sensitive personal info.  I want this data to be encrypted in the table, but it will need to be decrypted and viewable at the user level.  Basically, I want to protect my data should
someone gain access into the server.  How do I go about doing this?  Does .NET provide encryption/decryption?  If SQL server handles encryption, how does it get decrypted when MVC requests data?  Any info is appreciated

This is done at the database level. Here is an example of using a symmetric key on a database column:
http://msdn.microsoft.com/en-us/library/ms179331.aspx and another one at:

http://www.mssqltips.com/sqlservertip/2431/sql-server-column-level-encryption-example-using-symmetric-keys/

Another good discussion of the various options is at:

http://sqlmag.com/database-security/sql-server-encryption-options

On a side note you can do encryption and decryption.  The headache that comes from this is how to securely maintain your key, vector, or password that you are using for the encryption/decryption.

http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.110).aspx

Thanks guys, both useful resources.  I think handling this at the server/db level is what I’m leaning toward.

Leave a Reply