dcsimg
Login | Register   
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


advertisement
 

Implementing Encrypted SQL Server Database Columns with .NET : Page 4

Many government agencies needing HIPAA compliance, such as HUD, require encryption of certain database columns. For systems tracking victims of domestic abuse, it's critical to encrypt personally identifiable data. Fortunately, implementing encrypted database columns is simple using .NET and SQL Sever 2000.


advertisement

WEBINAR:

On-Demand

Application Security Testing: An Integral Part of DevOps


Encrypting and Storing a Record
To store the data in the database, you first generate the private IV for the record. This will be a unique IV for that record and will keep the encrypted values in the table unique. Then you will store the IV, the columns uniquely encrypted with that IV and the LastName using the shared IV for searching.

Author's Note: The data access code used in this article uses the Microsoft Data Access Application Block. If you're not familiar with it, I strongly recommend going to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/daab-rm.asp and downloading it. It comes complete with source code and provides a simpler and cleaner API for most data access tasks you'll want to do with .NET.

   Private void SaveButton_Click(
   object sender, System.EventArgs e)
   {
      object clientID = System.DBNull.Value;
   
      if(this.ClientIDField.Text!="") { 
         clientID=Convert.ToInt32(
         this.ClientIDField.Text); }
   
      byte[] PrivateVector = 
         SimpleAES.GenerateEncryptionVector();
      SimpleAES privateAES = new 
         SimpleAES(this.Key, PrivateVector);
   
      SqlHelper.ExecuteNonQuery(
         DatabaseConnectionString,
         "SetClient",
         new SqlParameter("@ClientID", 
            clientID),
         new SqlParameter(
            "@FirstNameCrypted", 
            privateAES.Encrypt(
            this.FirstNameField.Text)),
         new SqlParameter("@LastNameCrypted",
      privateAES.Encrypt(
      this.LastNameField.Text)),
         new SqlParameter("@LastNameShared", 
            lib.Encrypt(
            this.LastNameField.Text)),
         new SqlParameter("@Vector", 
            PrivateVector),
         new SqlParameter("@ShelterName", 
            privateAES.Encrypt(
            this.ShelterNameField.Text)));
   }  


Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date