> purely regulations of medical authorities! If your goal is simply to be able to say that data is encrypted, you could simply store the database files on an encrypting filesystem of some sort. But that wouldn't really prevent people from reading them assuming those people didn't just steal the hard drive from the computer.
If your goal is to prevent people from accessing the database directly, that's less a matter of encryption and more of limiting access to ports, using logins, etc. If your goal is to prevent people from accessing the database maliciously from your web application, then you typically have to (a) use PKI and (b) limit what you can do with the key that your application will presumably possess. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343461 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
