ASPRunner.NET manual


Encryption


The Encryption feature lets you encrypt important data in the database, such as credit card numbers or Social Security numbers. Select an encryption method, enter an encryption key and choose the fields to be encrypted.

Note: The Encryption feature is available only in the Enterprise Edition of ASPRunner.NET. See Editions Comparison.

You can select either the database-based or the code-based encryption method. The database-based method is available only for MySQL, Oracle, PostgreSQL and MS SQL Server databases. The database-based method is recommended, because some features do not work with the code-based method: for example, encrypted fields are not included in sorting and grouping, search suggest does not work, and search works only with the Equal operator. For this reason, encrypt only the data that is really important.

Database-based encryption

To use the database-based encryption method: in PostgreSQL, the pgcrypto module must be installed; in Oracle, the user must be granted rights to the SYS.DBMS_CRYPTO package and the Oracle version must be 10 or higher; MySQL must be configured to support SSL.

Encryption key

An encryption key longer than 10 characters is recommended. Use the Generate button to generate a random key. Only text fields can be encrypted. Because the encrypted value is much longer than the source value (at least 2-3 times), choose field types with the maximum length, such as TEXT in MySQL or MEMO in MS Access.

Note: ASPRunner.NET does not encrypt existing data. Encryption is applied only on add/edit operations.

Note: Once encrypted data is stored in the database, do not change the encryption type or key. You also cannot simply turn encryption off: the data already stored will remain encrypted.

[Screenshot: example of how encrypted data is stored in the database and displayed in the application]

Functions used for database-based encryption

Oracle:

Encryption: DBMS_CRYPTO.ENCRYPT()

Decryption: DBMS_CRYPTO.DECRYPT()

MS SQL Server:

Encryption: EncryptByPassPhrase(), EncryptByKey()

Decryption: DecryptByPassPhrase(), DecryptByKey()

MySQL:

Encryption: DES_ENCRYPT(), AES_ENCRYPT()    

Decryption: DES_DECRYPT(), AES_DECRYPT()

PostgreSQL:

Encryption: pgp_sym_encrypt()

Decryption: pgp_sym_decrypt()

Functions used for code-based encryption:

ASPRunner.NET uses the DES or AES-128 encryption algorithm.

Encrypt existing values in the database

Make a backup of the database before starting this procedure. Encrypt existing values only once: double encryption will cause problems, and there is no definitive way to determine whether the data was already encrypted before the procedure.

To encrypt existing values in the database, add the following code to the List page: Before process event of your table:

MVCFunctions.Ciphcoding();

Then run your List page that contains encrypted fields with the ciphcoding=1 parameter, e.g.:

/mytable/list?ciphcoding=1

Once the data has been encrypted, remove the code from the List page: Before process event and re-upload the application. We recommend performing this procedure on a development machine or on a server without public access.
 

Decrypt custom query results

MySQL, AES encryption

The key variable should contain the encryption key specified in ASPRunner.NET on the Encryption screen.

// define the encryption key (the same key entered on the Encryption screen)
string key = "09a308862fbe462095dd6eba33ab9dd21b8fd35b0d884b48819a34ce8636983b";

// decrypt customer_name inside MySQL and return it as text
string sql = "SELECT cast(AES_DECRYPT(unhex(customer_name), '" + key + "') as char) AS custname FROM customers_table WHERE id = 'CUST123'";

// run the query and fetch the first row
XVar rs = tDAL.CustomQuery(sql);
XVar data = CommonFunctions.db_fetch_array(rs);

MVCFunctions.EchoToOutput(data["custname"]);
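
A pre-flight and post-run check for the one-time "Encrypt existing values" procedure, for the MySQL AES case. This is an added example, not part of the ASPRunner.NET manual. It assumes values are stored as hex-encoded AES_ENCRYPT() output (the form the decrypt query above reads) and that MySQL uses its default block_encryption_mode; the sample rows and the key are constructed.

```sql
-- Constructed sample table; table and column names follow the manual's decrypt query.
CREATE TABLE customers_table (
  id            VARCHAR(16) PRIMARY KEY,
  customer_name TEXT
);

-- Constructed key: substitute the key entered on the Encryption screen.
SET @enc_key = 'constructed-demo-key-0001';

INSERT INTO customers_table (id, customer_name) VALUES
  ('CUST123', 'Alice Example'),                              -- plaintext
  ('CUST124', 'Bob'),                                        -- plaintext
  ('CUST125', HEX(AES_ENCRYPT('Carol Example', @enc_key)));  -- already encrypted

-- 1. Before the run: rows that already decrypt with the key.
--    UNHEX() returns NULL for non-hex text and AES_DECRYPT() returns NULL
--    when the padding check fails, so ordinary plaintext rows drop out.
--    Rows listed here would be double-encrypted by the procedure.
--    Hex-looking plaintext can still match by chance, so treat hits as
--    candidates to compare against the backup, not as proof.
SELECT id
FROM customers_table
WHERE AES_DECRYPT(UNHEX(customer_name), @enc_key) IS NOT NULL;

-- 2. Before the run: width the column must hold afterwards.
--    AES pads to the next 16-byte block and hex encoding doubles the size,
--    so n plaintext bytes are stored as 32 * (FLOOR(n / 16) + 1) characters.
SELECT MAX(LENGTH(customer_name))                        AS max_plain_bytes,
       MAX(32 * (FLOOR(LENGTH(customer_name) / 16) + 1)) AS max_stored_chars
FROM customers_table
WHERE AES_DECRYPT(UNHEX(customer_name), @enc_key) IS NULL;

-- 3. After the ciphcoding=1 run: non-empty rows that do NOT decrypt
--    were missed, truncated by a too-short column, or written with
--    a different key.
SELECT COUNT(*) AS not_decryptable
FROM customers_table
WHERE customer_name IS NOT NULL
  AND customer_name <> ''
  AND AES_DECRYPT(UNHEX(customer_name), @enc_key) IS NULL;
```

Run queries 1 and 2 against a copy restored from the backup first; a non-zero result from query 3 after the run means the data should be compared with the backup before the List page code is removed.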