I use VS2010 and C# to develop my ASP.NET web app, and I use SQL Server 2008 as my DB tool. I usually use the following model to work with my tables:
query = insert into myTable....
query = select * from myTable
query = update myTable set...
Perhaps it is not the best and most secure method to use SQL, but it is the way I’ve implemented SQL in my code. I’ve heard something about SQL Server built-in security features. Is there any way that I can insert my data in encrypted format (and also decrypt it using the same KEY)? Is there any SQL Server related function or query, or should I use some external function to encrypt my data and then insert the encrypted data into the SQL table?
Thanks
That depends on which level you want to secure your data. If you need to transport some sensitive data securely from your application to the SQL Server and you’re not using an encrypted connection, you might want to encrypt and decrypt at application level.
If your connection is secure enough and you want to store your data in the database in a secure manner, so that even someone with super user access can’t read it, you might want to encode and decode at database level, offloading the work to SQL Server, using one of the methods described here:
http://msdn.microsoft.com/en-us/library/bb510663.aspx
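As an added illustration of the database-level option (not part of the original answer), here is a T-SQL sketch of column encryption with a symmetric key on SQL Server 2008. The table, key and certificate names and the sample values are hypothetical, and the master key password is a placeholder.

```sql
-- Added example; dbo.Customer, CustomerDataCert and CustomerDataKey are hypothetical names.
-- One-time setup, run by an administrator rather than by the web application's login.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

CREATE CERTIFICATE CustomerDataCert
    WITH SUBJECT = 'Protects the symmetric key for dbo.Customer';

CREATE SYMMETRIC KEY CustomerDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerDataCert;

CREATE TABLE dbo.Customer (
    CustomerId    INT            NOT NULL PRIMARY KEY,
    Name          NVARCHAR(100)  NOT NULL,
    CardNumberEnc VARBINARY(256) NULL      -- ciphertext only, never the plain value
);

-- These variables stand in for the parameters the C# code would pass through
-- SqlCommand.Parameters instead of concatenating values into the query string.
DECLARE @CustomerId INT = 1;                                 -- constructed sample value
DECLARE @Name NVARCHAR(100) = N'Test Customer';              -- constructed sample value
DECLARE @CardNumber NVARCHAR(25) = N'0000-0000-0000-0000';   -- constructed sample value

-- The key must be open in the session before EncryptByKey/DecryptByKey will work.
OPEN SYMMETRIC KEY CustomerDataKey
    DECRYPTION BY CERTIFICATE CustomerDataCert;

-- Insert: the authenticator (a hash of the row id) ties the ciphertext to this row,
-- so a value copied into another row will not decrypt there.
INSERT INTO dbo.Customer (CustomerId, Name, CardNumberEnc)
VALUES (@CustomerId, @Name,
        EncryptByKey(Key_GUID('CustomerDataKey'), @CardNumber, 1,
                     HashBytes('SHA1', CONVERT(VARBINARY, @CustomerId))));

-- Select: DecryptByKey returns VARBINARY, so convert back to the original type.
-- It returns NULL if the key is not open or the authenticator does not match.
SELECT CustomerId, Name,
       CONVERT(NVARCHAR(25),
               DecryptByKey(CardNumberEnc, 1,
                            HashBytes('SHA1', CONVERT(VARBINARY, CustomerId)))) AS CardNumber
FROM dbo.Customer
WHERE CustomerId = @CustomerId;

CLOSE SYMMETRIC KEY CustomerDataKey;
```

The login that runs the insert and select needs permission to open the key through the certificate; any principal holding that permission can decrypt the column.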