I have a column (salary) encrypted in database (MS SQL Server).
I am using the entity framework to display/edit the records from the front end. Any idea how to decrypt the column in the front end to show the salary value?
Thanks
If you are doing encryption on database level you must use database level for decryption - use ObjectContext.ExecuteStoreQuery<YourEntityType>(...) to load records from database - pass SQL command with correct decryption usage into that method.
Related
As a part of the migration, I need to prefill an SQL Server table with the data where one of the fields should depend on the target database name or server name. At least it should not be the same for the Development and Production environments.
I wrote a code in OnModelCreating using modelBuilder.Entity<T>().HasData(...) but I still have no idea how to take the target database name here.
I think you can get database name from your connection string.
Put this code inside the Seed method:
var connection = context.Database.Connection.ConnectionString;
or something like that, which provide the connection string, then get the database name from that object.
With a C# .net application connecting to postgres using npgsql, how do I recover the just the metadata of a sql query? Is their any equivalent to the Transact SQL option FMTONLY, where the request returns no rows, and makes no changes, but populates the column meta-data with the schema information - column names and data types?
I'm trying to read data from an Advantage Database with Advantage .Net Data Provider.
When I execute my app, I have the following error :
"Error 5175 the index was created with a different collation sequence"
A way to fix it is to open the table with Advantage Data Architect and reindex or delete the index file (.adi) but I can't do this because the database is used by an accounting software (Sage BOB 50) and if I reindex or delete the index, the software is unable to access the data anymore.
Any ideas?
The collation your connection will use depends on the way you are connecting to the server. (See also Advantage Database Index Collation Sequence).
In order to avoid the 5175 error you should use the same connection method that the accounting software uses.
If it uses ALS you can copy the adslocal.cfg config file over to your application. If it uses ADS you should make sure that you connect to the same database server that the accounting software does.
I need to encrypt some columns in my MS SQL database (name, ssn ...) and I have been looking at column encryption as described by a few sites such as:
Encrypting Column Level Data in SQL Server
and
Introduction to SQL Server Encryption and Symmetric Key Encryption Tutorial.
I've been able to use an Trigger on insert to encrypt a column and I can decrypt the column within SQL Studio using:
OPEN SYMMETRIC KEY TestTableKey
DECRYPTION BY PASSWORD = 'Pa$$w0rd'
CONVERT(VARCHAR(50),DECRYPTBYKEY(EncryptSecondCol)) AS DecryptSecondCol
FROM TestTable
But how do I access the data from my application? I still want to be able to search for names. The only thing I can think of is using a Stored Procedure and sending the decryption password as a parameter in the LINQ statement so the stored procedure can decrypt the data and then execute the query.
Am I on the right track?
I'm new to this so I welcome other useful suggestions.
Yes, I have seen stored procedures to decrypt encrypted text. I've also seen stored procedures to encrypt text, which I prefer to Triggers because I don't like Triggers - see these answers.
However, I prefer to put encryption logic in my application layer - using, for example, the Enterprise Library Encryption Code. The passphrase and salt are easily encrypted in the config file using the Enterprise Library console.
Is there a specific reason for doing this work in the database? If you must do it that way, you could use EL to protect your passphrase and pass that into the stored procedure you've written.
If you are using MS SQL Server Enterprise or Developer editions, you can use TDE:
TDE
I started to use ADO.NET for 3 days and want to make a program that can control if UserID and Password is suited with it's database value or not .The point is that i am confused about control all UserID and Password rows to suitable.Must i control UserId and password one by one with a loop or is there any sql command to make this.Thanx..
Are you doing this to learn or for production use?
If it is for production use I strongly advice you to look into using the ASP.NET Membership provider instead of building your own security system. It is thoroughly tested and known to be secure.
If it is to learn then you should write a suitable SQL statement. One way to do it efficiently with one query is:
SELECT 1 FROM Users WHERE UserId='GivenUserId' AND Password='GivenPassword'
That will give you one result row back if there is a successful match, or no row back if either user name or password is wrong.
BTW, I suggest to do not store password in DataBase in plain text, use simple MD5 helper to store MD5 hash of password and just compare hash instead of password itself