>>>>I am wondering if it is a good idea to encrypt user name and email address of users in User and Password Table? Of course, I encrypt password field entry. But I am not sure of what is a good practice with regards to User Name and Email Address columns. TIA for any input
>>
>>It depends on the ownership of the app and the relationship with the customer.
>>
>>If it's theirs, there's no indication to encrypt.
>>
>>If it's yours, then it depends on how things work at the customer.
>>
>>We've never encrypted usernames but I did have one customer where a bright spark in the IT Dept copied data out of our system and replicated some functionality to try to reduce maintenance fees. That's not allowed in contract, but who wants to sue a customer? Easier to create mechanisms that don't affect their use of the product but create barriers to this sort of behavior. It also makes it more difficult for the worst sort of competitor who will happily sneak a copy of your user table to create a localized demo of their competing product.
>>
>>If you do encrypt, the customer is entitled to a mechanism to retrieve business data if and when the relationship ends for whatever reason. Ideally this is spelled out in contract too. If you can't satisfy the customer in this respect, IMHO it would be wrong to encrypt.
>
>I am not at all concerned - with this application - that the customer will try to reduce fees or take away some business or whatever. In fact, I am not even concerned about security (it is fairly easy to bypass my encrypting schema by simply deleting all records in the Password table :)). It is that I wanted my application to "look" more professional in the eyes of a DBA or whoever might want to look into the application. So I am going with the approach of only encrypting the user password.
>
>Thank you.

Even more professional if you were to hash the password - imo