I am wanting to know what ways to attempt to do this. I want to set up an ASP >NET database service. The database (MySQL) will be hosted by a web hosting company which mya not be secure. I am thinking the best way to store clients' data would be to encrypt it, but how would I accomplish this? I can not store the encryption in the database and since it will be browser based, I do not want to store the keys on the client's PC. I want them to login and have access to their data, but do not want anyone else to have access to it and make it very secure. What would be the best way to do this?

Thanks, Chester

man i dont know MYSQL but i am familair with microsoft sql.

I think the solution to this problem is by making logins and passwords. second, dont make a password column in the database coz every one enter the database can view them.
create password using : "sp_addlogin" and "sp_ addroles" procedures.
in this way the passwords are encrypted inside the microsoft sql.

Yeah, I was thinking about just hashing the password. But my only problem is the web hosting company DB admins can see whatever the database contains or create a user that can do it. I want to somehow encrypt the actual data in the DB so my clients xan login and see it but now one else can. I have not came up with a way to do that yet and still use a broswer interface.

Chester

chester
i dont know about that, but is that happening in real-life or u want to be pioneer in that.
its the first time i see one want encrypt that whole whole database.
man this is can be harmfull if the encryption process is failed, u will loose all the data.
u should be carefull in that.

Well, I was thinking of encrypting the fields themselves, possibly using symetric encryption...

Chester

chester, the type of encryption doesnt differ, u will encrypt using a program but how the users will decrypt and if u find a war to decrypt, this will took time so users may find that boring
encrypting and decrypting each time.
i know users wont do anything, but i am speaking about the time taken for this process to complete.
my opinion is to stop that and take this idea from ur head.

sam

So I should just develop a traditional database app and not go ASP .NET. The reason I need to encrypt is because my app will have financial information and items such as social security numbers. So I would rather error on the side of over protection than under protetion. There are too many stories out now about peoples personal info being hacked and compromised.

However, it will be difficult developing this in a traditional windows app because the users will be all over the place. My reasoning for developing a web app instead of a windows app.

Catach 22 enough seucirty people will not want to use it, but not enough and there is a possibility of compromise which can not happen.

Chester

dude u should develop asp.net application, but ur problem is the problem of whole world security.
i think the best solution is in secured-server, the server administrator should be smart and aware of all the hackers actions.

from ur side, as a programmer u can do ur best to secure ur data, but not taking too much risk by encryopting and descrypoting data all the time.

sam

simply while any one register in ur side use below query
insert into ur_table values(username,md5(password));
this md5 is type of encryption which cannt be decrypted
--------
second case is login .
in this use check for validity of user by below query
select * from ur_table where username='username.text' and password='md5(password.text)'

this will help u to secure the data of the user. even administration also dont know the password even he/she looks password in database.