>>> But is there some sort of equivalent for encrypting the actual data as stored in SQL Server? So data is stored scrambled in the database, but normal during the reading and reporting to user for editing.
>>
>>As far as I can remember, the webcast at the link below covered encryption for SQL 2005...
>>
>>
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032290365&CountryCode=US>
>Yes, but the installation is on SQL 2000
Whatever you do, do NOT use the SQL ENCRYPT() function. It is specific to the machine, and we got in trouble when we wanted to move our database to a different machine. I would assume if there were a server failure and the machine had to be rebuilt that you would be in trouble too.
In our situation all we had to do was encrypt passwords. It was one-way encryption, and we did this in the application in the data layer. One could argue it should be done in the business layer, but encryption is not really a "business" rule.