Friday, March 23, 2012

Need Direction in WHAT to Implement...

Please understand that I am not asking HOW to do something - but, rather, I
just need some advice on what "technology" or method I should employ...
The problem is this:
I have a client for whom I am developing a web site. The client is a bank -
therefore, the entire site will be secure (SSL).
The bank's customers will be entering account number information to the
site - and we will be storing all inputs into a SQL Server database. The SQL
Server database resides on one of OUR servers.
The bank client then wants to periodically download, on demand, the
information that its customers have entered. (And the bank wants to download
the information entered in Excel spreadsheet format.)
I need to determine how I am going to get the entered information from our
ASP.NET server to our SQL Server database in a format that will be
unreadable to us (me, my company).
Likewise, I need to make the information available to the bank to download
in a format that they CAN read.
Where do I start?
I am an experienced, MCSD.NET certified developer - and I can implement
anything.
I just need to know where to begin.
Many thanks for your assistance!
~ Celia ~

Celia,
One thought I have on this issue is to ensure the data stored in the SQL
Database is encrypted using a strong encryption package. There are several
good third party applications that can accomplish this objective for you.
The trick then is to control where and how the data can be displayed in an
unencrypted format. If the data is encrypted in the data files, the data
is not compromised even if someone obtains a copy of the mdf and ldf files.
Control of the decryption key is crucial.
Hopefully this information will get you started on the project.
Thanks.
Gary Whitley
This posting is provided "AS IS" with no warranties, and confers no rights.
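
One way to get the split described in this thread, where the hosting side can store records it cannot read and the key holder can decrypt them, is envelope encryption against a public key. This is an added example, not code from either poster. It assumes .NET 8 or later and that the bank generates an RSA key pair and hands over only the public half; `SealedField`, `Seal` and `Unseal` are hypothetical names and the account number is a constructed sample.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SealedField   // hypothetical helper, not from the thread
{
    // Web server: holds only the bank's PUBLIC key, so it can write records but not read them.
    public static byte[] Seal(RSA bankPublicKey, string plaintext)
    {
        byte[] dataKey = RandomNumberGenerator.GetBytes(32);  // fresh AES-256 key per record
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = new byte[pt.Length], tag = new byte[16];
        using (var aes = new AesGcm(dataKey, 16)) aes.Encrypt(nonce, pt, ct, tag);
        byte[] wrapped = bankPublicKey.Encrypt(dataKey, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(dataKey);
        // Blob stored in a varbinary column: wrappedKey | nonce | tag | ciphertext
        return wrapped.Concat(nonce).Concat(tag).Concat(ct).ToArray();
    }

    // Bank: the private key never leaves the bank, so only the bank can decrypt.
    public static string Unseal(RSA bankPrivateKey, byte[] blob)
    {
        int k = bankPrivateKey.KeySize / 8;  // length of the RSA-wrapped key
        byte[] dataKey = bankPrivateKey.Decrypt(blob[..k], RSAEncryptionPadding.OaepSHA256);
        byte[] ct = blob[(k + 28)..], pt = new byte[ct.Length];
        using (var aes = new AesGcm(dataKey, 16))
            aes.Decrypt(blob[k..(k + 12)], ct, blob[(k + 12)..(k + 28)], pt);  // throws if altered
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        using RSA bank = RSA.Create(3072);               // generated at the bank in practice
        using RSA server = RSA.Create();
        server.ImportRSAPublicKey(bank.ExportRSAPublicKey(), out _);  // public half only

        byte[] stored = Seal(server, "000123456789");    // constructed sample account number
        try { Unseal(server, stored); }
        catch (CryptographicException) { Console.WriteLine("hosting side cannot decrypt"); }
        Console.WriteLine(Unseal(bank, stored));         // bank recovers the value
    }
}
```

The plaintext still passes through the web server's memory at the moment of entry, so this protects the stored rows and backups, not a compromised web tier.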
