Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Encrypting Data
Message
De
08/10/2009 12:00:27
Viv Phillips
Hay-On-Wye, Royaume Uni
 
 
À
08/10/2009 06:50:38
Gregory Adam
Belgique
Information générale
Forum:
Microsoft SQL Server
Catégorie:
Conception bases de données
Titre:
Re: Encrypting Data
Divers
Thread ID:
01428109
Message ID:
01428286
Vues:
39
>>>>>I'm putting together some table to manage users, roles, and rights.
>>>>>
>>>>>Anyone see any problems with encrypting all the data in all three tables?
>>>>
>>>>I'm working on a similar thing at the moment. Your needs are probably different but I decided:
>>>>(a) To handle the encryption in a tier that will make it back-end agnostic.
>>>>(b) To only secure the password - and then by hash value rather than encryption.
>>>>
>>>>FWIW, here's the class I use for hashing/comparing.
    static public class HashFunctions
>>>>    {
>>>>        public static Byte[] GetHashValue(string s)
>>>>        {
>>>>            byte[] source = ASCIIEncoding.ASCII.GetBytes(s);
>>>>            return  new MD5CryptoServiceProvider().ComputeHash(source);
>>>>        }
>>>>
>>>>        public static bool CompareHash(byte[] first, byte[] second)
>>>>        {
>>>>            bool equal = false;
>>>>            if (first.Length == second.Length)
>>>>            {
>>>>                int i=0;
>>>>                while (i < first.Length && (first[i] == second[i]))
>>>>                    i++;
>>>>                equal = i == first.Length;
>>>>            }
>>>>            return equal;
>>>>        }
>>>>
>>>>        public static bool CompareHash(byte[] b,string s)
>>>>        {
>>>>            return CompareHash(b, GetHashValue(s));
>>>>        }
>>>>    }
The password is stored as a byte array (varbinary() in MSSQL)
>>>
>>>
>>>
>>>Viv,
>>>
>>>This extension method may be useful for your CompareHash() method
>>>
>>>namespace GregoryAdam.Base.ExtensionMethods
>>>{
>>>	public static partial class ExtensionMethods_Array
>>>	{
>>>		//______________________________________________________________________
>>>		/// <summary>
>>>		/// returns whether the contents of a range are equal to another range
>>>		/// </summary>
>>>		/// <typeparam name="T"></typeparam>
>>>		/// <param name="thisArray"></param>
>>>		/// <param name="thisIndex"></param>
>>>		/// <param name="otherArray"></param>
>>>		/// <param name="otherIndex"></param>
>>>		/// <param name="length"></param>
>>>		/// <returns></returns>
>>>		public static bool ContentsEqual<T>(this T[] thisArray, int thisIndex, T[] otherArray, int otherIndex, int length)
>>>			where T : IEquatable<T>
>>>		{
>>>			if ( otherArray == null )
>>>				return false;
>>>
>>>			for (; --length >= 0; )
>>>				if (!thisArray[thisIndex++].Equals(otherArray[otherIndex++]))
>>>					return false;
>>>
>>>			return true;
>>>		}
>>>		//______________________________________________________________________
>>>		public static bool ContentsEqual<T>( this T[] array, int index1, int index2, int length )
>>>			where T : IEquatable<T>
>>>		{
>>>			return array.ContentsEqual(index1, array, index2, length);
>>>		}
>>>		//______________________________________________________________________
>>>		public static bool ContentsEqual<T>( this T[] array, T[] otherArray )
>>>			where T : IEquatable<T>
>>>		{
>>>			if ( otherArray == null )
>>>				return false;
>>>
>>>			if ( array.Length != otherArray.Length )
>>>				return false;
>>>
>>>			return array.ContentsEqual(array.GetLowerBound(0), otherArray, otherArray.GetLowerBound(0), array.Length);
>>>		}
>>>		//______________________________________________________________________
>>>	}
>>>}
>>>
>>
>>Thanks! In this instance I probably won't use it since I don't need the flexibility of specifying a range - but it will be useful elsewhere.
>>BTW I wonder which is more efficient - Your:
for (; --length >= 0; )
>>>				if (!thisArray[thisIndex++].Equals(otherArray[otherIndex++]))
>>>					return false;
or my:
while (i < first.Length && (first[i] == second[i]))
>>                    i++;
>>                equal = i == first.Length;
>
>
>
>Viv,
>
>>Thanks! In this instance I probably won't use it since I don't need the flexibility of specifying a range - but it will be useful elsewhere.
>The third method invokes the first one
>
>public static bool ContentsEqual<T>( this T[] array, T[] otherArray )
>
>
>
>>BTW I wonder which is more efficient - Your:
for (; --length >= 0; )
>>>				if (!thisArray[thisIndex++].Equals(otherArray[otherIndex++]))
>>>					return false;
or my:
while (i < first.Length && (first[i] == second[i]))
>>                    i++;
>>                equal = i == first.Length;
>
>See below - yours is
>
>Mine is slower- but I do not see any other way, it's generic - so I cannot use any operator (!=, ==, etc)
>
>If I take Equals() out and the double index (index1 and index2) they compare
>
>What I'm trying to do is (1) avoid accessing first.Length on each iteration and (2) decrement and compare to zero rather than another value
>
>Bonus: shouldn't you dispose of MD5CryptoServiceProvider() ?
>
>
>namespace BaseTest
>{
>	
>
>	class test2
>	{
>
>		const int nTimes = 10000;
>		const int ArraySize = 1024 * 64;
>
>		//______________________________________________________________________
>		static void Main()
>		{
>
>			ExecuteTimed.Run(TestViv, false); // 00:00:04.86
>			ExecuteTimed.Run(TestMine, false); //  00:00:05.70
>			ExecuteTimed.Run(TestMine2, false); // 00:00:05.00
>			ExecuteTimed.Run(TestMine3, true); //00:00:04.91
>			
>		}
>		//______________________________________________________________________
>		static void TestViv()
>		{
>			byte[] first = new byte[ArraySize];
>			byte[] second = new byte[ArraySize];
>
>			for ( int times = nTimes; --times >= 0; )
>			{
>				bool equal = false;
>				int i = 0;
>				while (i < first.Length && (first[i] == second[i]))
>                    i++;
>
>				equal = i == first.Length;
>
>
>			}
>		}
>		//______________________________________________________________________
>		static void TestMine()
>		{
>			byte[] first = new byte[ArraySize];
>			byte[] second = new byte[ArraySize];
>
>			for ( int times = nTimes; --times >= 0; )
>			{
>
>				int length = first.Length;
>				int index1 = 0, index2 = 0;
>
>				for ( ; --length >= 0; )
>					if ( !first[index1++].Equals(second[index2++]) )
>						break;
>
>
>			}
>		}
>		//______________________________________________________________________
>		static void TestMine2()
>		{
>			byte[] first = new byte[ArraySize];
>			byte[] second = new byte[ArraySize];
>
>			for ( int times = nTimes; --times >= 0; )
>			{
>
>				int length = first.Length;
>				int index1 = 0, index2 = 0;
>
>				for ( ; --length >= 0; )
>					if ( first[index1++] != second[index2++] )
>						break;
>
>
>			}
>		}
>		//______________________________________________________________________
>		static void TestMine3()
>		{
>			byte[] first = new byte[ArraySize];
>			byte[] second = new byte[ArraySize];
>
>			for ( int times = nTimes; --times >= 0; )
>			{
>
>				int length = first.Length;
>				int index1 = 0;
>
>				for ( ; --length >= 0; )
>					if ( first[index1] != second[index1++] )
>						break;
>
>
>			}
>		}
>		//______________________________________________________________________
>	}
>}
>
>
>Mine is slower- but I do not see any other way, it's generic - so I cannot use any operator (!=, ==, etc)
True, I hadn't thought about that.

>If I take Equals() out and the double index (index1 and index2) they compare
>What I'm trying to do is (1) avoid accessing first.Length on each iteration and (2) decrement and compare to zero rather than another value

Given the constraint I can't see any way of improving on it!

>Bonus: shouldn't you dispose of MD5CryptoServiceProvider() ?
In favour of ?

Of topic, I'm still having trouble with my weekend SQL problem - may have to resurrect the thread :-{
Best,
Viv
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform