i need an advice in encryption in sql server 2000
which is better, to encrypt the password in asp.net and send it to the sql server already encrypt it, or to encrypt the password in the sqlserver ?
and also does anybody know if there is a tutorial about security in sql server i can use to secure my application.
Kind Regards
Mahmoud ManasrahYou should really check outMicrosoft's Patterns & Practices. This is a great series of in-depth articles with specific recommendations on how to design, build, deploy, and operate sound solutions.
In particular,Improving Web Application Security: Threats and Countermeasures,Building Secure ASP.NET Applications.
I know that you should never send password data in plain text from ASP.NET to SQL Server. I believe that you can use https to transmit the password to your processing page. But this is not an area in which I am particularly knowledgeable.
Terri
No comments:
Post a Comment