Solved

Is this a safe way of storing and encrypting files?

Posted on 2012-04-04
3
269 Views
Last Modified: 2012-04-04
I have a requirement to upload medical files and encrypt them

I'm already encrypting some other columns and they're varbinary. So, I know varbinary can be encrypted.

Should I use this method :  (filestream)
http://weblogs.asp.net/aghausman/archive/2009/03/16/saving-and-retrieving-file-using-filestream-sql-server-2008.aspx

OR should I encrypt the file in the code, like this:
http://support.microsoft.com/kb/307010
0
Comment
Question by:Camillia
3 Comments
 
LVL 15

Accepted Solution

by:
Deepak Chauhan earned 500 total points
ID: 37808338
Application level encryption is much safer than file stream like

http://support.microsoft.com/kb/307010
0
 
LVL 23

Expert Comment

by:wdosanjos
ID: 37808373
You should consider using SQL Server encryption features.  I find it more flexible to maintain encrypted data that way.

How to: Encrypt a Column of Data
http://msdn.microsoft.com/en-us/library/ms179331%28v=sql.100%29.aspx

SQL Server Encryption
http://msdn.microsoft.com/en-us/library/bb510663%28v=sql.100%29.aspx

I hope this helps.
0
 
LVL 7

Author Comment

by:Camillia
ID: 37808472
>> Application level encryption is much safer than file stream like
why?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL server 2008 and after encryption method 32 70
Help Required 3 117
SQL Error - Query 6 49
how to make geography query faster?  SQL 7 40
I have written a PowerShell script to "walk" the security structure of each SQL instance to find:         Each Login (Windows or SQL)             * Its Server Roles             * Every database to which the login is mapped             * The associated "Database User" for this …
This is basically a blog post I wrote recently. I've found that SARGability is poorly understood, and since many people don't read blogs, I figured I'd post it here as an article. SARGable is an adjective in SQL that means that an item can be fou…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question