Database Encryption for Sensitive Data

It is never a wise idea to store sensitive data inside your Website database, and we never encourage clients to do so. But there are situations where it is desirable, and every so often it is necessary.

If sensitive data such as credit card information or social security numbers must be stored in the Website database, then that information should be encrypted. Please note we are not referring to an SSL certificate here; we are talking about taking a string of characters, such as a credit card number:
4111 1111 1111 1111

and turning it into an undecipherable string before storing it in the database. It would look like this.

We use ASP.NET's cryptography classes (built into the .NET Framework) to perform this task. Should anyone get their hands on the database inappropriately, the sensitive information inside would be garbled and undecipherable.

But we don't stop there. In addition to being encrypted, the data also undergoes another technique called "salting" to further ensure the string can never be decrypted.
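As an added example (not code from the original page), here is how a card number can be encrypted before it is written to the database and decrypted when read back, using the AesGcm class from System.Security.Cryptography on .NET 8 or later. The FieldCrypto class, the stored-value layout and the demo key are assumptions; in a real deployment the key is loaded from a key vault or protected configuration, never from the same database, and the fresh random nonce per record keeps two identical card numbers from producing the same stored value.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: AES-256-GCM field encryption for a single database column.
// Stored value layout: base64( nonce(12) | tag(16) | ciphertext )
public static class FieldCrypto
{
    private const int NonceSize = 12;
    private const int TagSize = 16;

    public static string Protect(string plaintext, byte[] key)
    {
        byte[] nonce = new byte[NonceSize];
        RandomNumberGenerator.Fill(nonce);              // fresh random nonce for every record
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = new byte[data.Length];
        byte[] tag = new byte[TagSize];
        using (var aes = new AesGcm(key, TagSize))
            aes.Encrypt(nonce, data, cipher, tag);
        byte[] blob = new byte[NonceSize + TagSize + cipher.Length];
        Buffer.BlockCopy(nonce, 0, blob, 0, NonceSize);
        Buffer.BlockCopy(tag, 0, blob, NonceSize, TagSize);
        Buffer.BlockCopy(cipher, 0, blob, NonceSize + TagSize, cipher.Length);
        return Convert.ToBase64String(blob);            // opaque string that goes in the column
    }

    public static string Unprotect(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("stored value is too short to be valid");
        var nonce = new ReadOnlySpan<byte>(blob, 0, NonceSize);
        var tag = new ReadOnlySpan<byte>(blob, NonceSize, TagSize);
        var cipher = new ReadOnlySpan<byte>(blob, NonceSize + TagSize, blob.Length - NonceSize - TagSize);
        byte[] plain = new byte[cipher.Length];
        using (var aes = new AesGcm(key, TagSize))
            aes.Decrypt(nonce, cipher, tag, plain);     // throws if the row was altered or the key is wrong
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        // Demo only: a real key comes from a vault, not from code or the database.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        string stored = Protect("4111 1111 1111 1111", key);
        Console.WriteLine(stored);                      // unreadable base64, different on every run
        Console.WriteLine(Unprotect(stored, key));      // 4111 1111 1111 1111
    }
}
```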

Some Notes
If you decide to keep sensitive information inside your database, then it is always best to remove it after a certain amount of time. In fact, there may be laws that require you to do so, given the nature of your Website and the information you are retaining.

