Last post Dec 09, 2013 09:42 PM by BrockAllen
Dec 08, 2013 11:31 PM|PureDevelopers|LINK
I am wondering what the preferred method is for data encryption in MVC 5? I am using code-first approach in Visual Studio 2013, and need to store sensitive data in the DB.
I was assuming I could use whatever is built into ASP.Net to store the users password. I am guessing I need to create my own encryption logic. Should I use Enterprise Library? Some other library?
Dec 09, 2013 08:48 AM|BrockAllen|LINK
If you need "temporary" encryption because you send a value to the browser and then back to the server (like a value in a cookie), then here's the built-in API from ASP.NET:
Passwords you store in the database should not be encrypted. You should hash instead, and there's a built-in API for this as well:
Dec 09, 2013 09:30 PM|PureDevelopers|LINK
Thanks for the links. I want to encrypt / hash the data and store it in the database. The Second link seems to be kind of what I am looking for, but I need to be able to retrieve and use the value I am storing. The second link shows how to compare the hash
stored in the db to a password, but not how to retrieve and unhash it.
To simplify, I am being asked to collect social security numbers, and I don't want to store them in clear text in the database, so what I gather is that I want to hash them and then store them in the database hashed.
Can I use the Crypto to do that, and if so, am I going to need to generate my own salt and store it?
Dec 09, 2013 09:42 PM|BrockAllen|LINK
For something like SSN, I'd assume the user enters it and some backend system uses it? IOW, the web app doesn't need to reverse it, right? If so, then I'd suggest using asymmetric encryption for that -- that way if the website is compromised, the attacker
won't be able to reverse the SSNs.