问题
For additional security to keep email addresses private in a project I am working on, I would like to have all emails stored in our database encrypted. However, we are using the Asp.Net Membership provider, and emails appear in clear text in the Email column of table aspnet_Membership. Is their way to achieve this? Ideally, a simple way.
回答1:
I would create a custom provider and just add the small amount of code to encrypt the email address.
they released source for the ASP.net Provider
http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx
if you download the ProviderToolkitSamples.msi
Use the SQLMembershipProvider.cs for the membership provider on line 366 it is storing the email address you can encrypt it before calling the insert stored procedure.
you will also need to decrypt it when retrieving it from the DB as well .
Here is a good article on Encryption I would make sure you include a Salt with the email address so that it is more secure.
http://hectorcorrea.com/blog/Encrypt-and-Decrypt-a-string-in-C-Sharp
Hope that helps!
来源:https://stackoverflow.com/questions/9331270/is-it-possible-to-have-email-addresses-encrypted-in-applicationservices-db