Click here to Skip to main content
14,979,837 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
I'm having to set up security for a web application where we will be having users outside of our domain logging in to access PHI (Patient Health Information) data. I would like to use the ASP.net login controls but have a question about best practices for the database for storing the login information.

Can the security login data be set up in a different database from the database containing the PHI data? Or do the tables containing the security data need to reside in the same database? We may have other application that we will need to use the asp.net controls and store the login information and I was thinking it was better to have it all in one database.

What does everyone else think? What have you done when it comes to security? Are there any links, articles, or white papers talking about best practices for securing login information?

Thanks,
Carolyn
Posted

1 solution

Hi Carolyn,

There is no problem in using the same database as long as you encrypt the password field using md5, sha1, sha256, etc.

Regards,
Eduard
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900