October 7, 2009 at 8:39 am
Hi everyone!
I have a basic question and pardon me if I sound dumb about it.
How do you store critical information such as passwords, SSN, Salary info in tables?
For example, are passwords stored as binary or varbinary? What about Salary info? SSN? DOB? What are the best datatypes for storing this sensitive info?
I am sure employees at corporations are concerned if the DBA or anyone with the authority can dig into the employee tables and find out how much they make a year.
I have never been involved in the design of the tables but I want to learn; and I believe this is the right place to ask, I would like to hear it from the pros.
Are there any good books that cover all of this out there? Can anyone recommend one? When I took database analysis and design at school, we barely touched this topic.
Thanks in advance
Ed
October 7, 2009 at 3:00 pm
I'd store as varbinary with encryption done by the business layer.
Jack Corbett
Consultant - Straight Path Solutions
October 8, 2009 at 6:16 am
Thanks for the reply.
Varbinary, is that just for the password field or for all the mentioned fields such as SSN, Salary info?
Thanks
Ed
October 9, 2009 at 2:17 pm
ed-1075072 (10/8/2009)
... or for all the mentioned fields such as SSN, Salary info?
All columns you want to protect.
_____________________________________
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at Amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment, advisor should not be held liable or responsible for any actions taken based on the given advice.
October 9, 2009 at 2:38 pm
For passwords, I typically just store a hash. Use a one-way function, compare hashes to see if it's a valid input.
October 12, 2009 at 3:25 am
I store sensitive information encrypting it from the business layer and into a varbinary/varchar column.
"Keep Trying"
October 12, 2009 at 6:14 am
For passwords, I typically just store a hash. Use a one-way function, compare hashes to see if it's a valid input.
Can you please elaborate a little bit more on this method?
I heard about hash but I'm not sure how to use it.
Thanks
Ed.
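The hash-and-compare approach described in the replies above, as an added example that is not part of the original thread. It assumes PBKDF2-HMAC-SHA256 as the one-way function (the posts do not name one), a hypothetical `app_user` table, and an in-memory SQLite database standing in for SQL Server, with BLOB columns in place of varbinary.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; stored per row so it can be raised later


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """One-way function: slow, salted PBKDF2-HMAC-SHA256 (32-byte result)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def open_store() -> sqlite3.Connection:
    # SQLite stands in for the real database; salt and pw_hash would be
    # varbinary(16) and varbinary(32) columns in SQL Server.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE app_user (login TEXT PRIMARY KEY, salt BLOB NOT NULL,"
        " iterations INTEGER NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def register(db: sqlite3.Connection, login: str, password: str) -> None:
    # A fresh random salt per user makes equal passwords hash differently,
    # so one precomputed table cannot be reused across rows.
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO app_user VALUES (?, ?, ?, ?)",
        (login, salt, ITERATIONS, hash_password(password, salt, ITERATIONS)),
    )


def verify(db: sqlite3.Connection, login: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, iterations, pw_hash FROM app_user WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return False
    salt, iterations, stored = row
    # Re-hash the input with the stored salt and compare in constant time;
    # the plaintext password is never written to the table.
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)
```

The hashing runs in the application, so the database and anyone who can query it only ever see the salt and the hash.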