How do you encrypt a database? I googled it and only got .net examples.

1. What kind of database are you wanting to encrypt, an access database, a SQL Server database, MySQL database etc..

2. What kind of encryption do you want on the database, access has a number of ways to encrypt the database - Go to "Tools"
--> "Security".

3. Are you talking about not wanting people to download the database from the web, if so, you could always upload the database to above the wwwroot directory and point all the links to the correct location.

Just a few thoughts, cheers....

It's an access database and I'd like to be able to encrypt it 2 way, but appparently 1 way is better if it contains passwords which it does.

Actually his last suggestion is what brinkster does with all databases, you can stick the files in a database folder above your root directory, and then they can't be downloaded (because there is no URL to download them with).

You can still access them in ASP with Server.MapPath() and map the path to the directory above your root folder.

I'm sure it can still be hacked by a pro if there are other security holes (but Microsoft have security holes? ha! ;)), but then of course he'd probably have complete access to your website and free reign to delete everything on your website on a whim anyway... but I don't know since I'm not an expert on hacking or internet security. :)

As for actual database encryption, I haven't messed with that at all. One suggestion though - if you ever process credit cards, it's a good idea NOT to store the credit card information in a database, in case you do get hacked (since you would be liable). You could always just store the last 4 digits instead.

Not to mention, that's a great thing to advertise to your client's customers - "We do NOT store your credit card information".

The processing company you're using should have the rest of the info you need in the case of refunds, or you can ask the customer to provide you with the needed information...

. . . r i g h t . . .


How did we get into credit card no.s ? Lol:)
I just wanted to know how to encrypt a database containing passwords which is for my bulletin board system..

Not that your post didn't mean anything though...:)

My point was just that I don't really see a need for encrypting an Access database as long as you don't have it where it's downloadable, and it doesn't contain sensitive information.

I can see what you mean:), I just wanted to have it as a feature on my BB to make it sound and theoretically be more secure although it will be secure by being in an upper level directory, and if passwords were comprimised it would just require user passwords being set to a random password and emails sent to each user containing this.

Off topic a little I made another stats reporting thing for my site and I remembered you talking about throwing all sorts of things in to try and break it, I ended up changing about 3 or 4 things to make it work perfectly, then I started my next script I'm almost finished so it's about time to break it..:)

Lemme break it. lol.

I'm really good at it. (and I know that BigDaddy is too...)

Working where I do, I know pretty much all of the common mistakes made in validation... :)

Well, I will post a thread when I'm done for people to break my script...It should be a valuable lesson.:)

I'm sure it will be.

I actually learned so much from the last 70 or so websites that some other developers at my company(I developed some of them myself as well) developed under intense time pressure, and I had to help QC all of them, that it was invaluable to my understanding of validation in general, and especially as to how datatypes are handled by ASP.

Which is mainly what resulted in my ongoing regular expression and normal validation functions. And a couple of those sites now have those implemented... as time permits I hope to make the others foolproof by implementing them there as well. ;)

The cool thing is I haven't seen any errors (at least related to the validation I created) from those sites.

:)