Encrypting specific tables?

[Adzi]

Hi,

I've just got word from head office, that although the database system I've designed is held on a secure server in HQ, they want the credit card details encrypted now within the database along with the employee table.

All this data is held in two seperate tables, within the split backend and the front end links to the tables.

How can I go about encrypting the data?
(I'm new to the whole encrytion game)

Cheers,
Adzi!

 

[KenHigg]

I've never encrypted a db myself but I would think that if you did not want to encrypt the entire be you could have a be for encypted tables and a be that wasn't encypted. Woul d this work?

 

[gemma-the-husky]

CONSIDER holding the sensitive information in a separate backend to the less sensitive stuff - only slightly more tricky programmatically

then depends how tricky you want to make the encryption

you could store the card numbers etc in a text column, but encrypt/decrypt them on the fly

a) any encryption method might defeat a casual observer, but if you want it to be rigorous you would need to do some reserach on advanced crypto solutions

b) however, you will find it less easy to search encrypted data - this is probably not an issue for passwords, say, as you wouldn't want to search for a password, but might be an issue with say, credit card numbers. However, if you only want to see a credit card number for a selected client, then it wont be an issue either.