Hi All

I know what I'm about to put down is probably more theoretical than a pure ASP prob, but I don't know where else to post over this forum of my ilk!! :0)

Basically I've created a classic asp web app that connects to an sql 2008 express db via ssl and even though the whole sys runs on/through ssl I've been told that I should encrypt certain parts of the db's content just in case anybody gets onto my server and hacks into the db.

Now I started to use an old Base64 encryption with a key bit of code that I've had for a bit, but somebody told me that base64 just converts the text into a better transport method rather than actually encrypting it and it's easy to hack, but I've put a long key in and it doesn't seem to convert back and forth properly without knowing the key - are they right?? Should I be using something else?

Having started to encrypt certain parts, e.g. a person's name, dob, etc., it suddenly dawned on me that although I'm encrypting and decrypting as I go, if I want to do search queries then it ain't gonna work. For example, if I want to find all the people with 'gar' in their name then this isn't going to work, and if I want to find all the people who are born between Apr and May then this isn't either.

My second query is, if I've got the dbs on a dedicated server running only one site, loads of password access only and on https do I really need to encrypt db fields as well?? If so, how do I get round these query (and sort order) issues??
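
One way to handle the search problem described above, as an added example that is not part of the original post: store keyed HMAC tokens (a blind index) beside the encrypted columns and query the tokens instead of the ciphertext. `INDEX_KEY`, the function names and the sample people are assumptions constructed for illustration, and encrypting the columns themselves is assumed to happen elsewhere.

```python
import hashlib
import hmac
from datetime import date

# Assumption: the index key lives with the web app (config/key store), never in the database.
INDEX_KEY = b"constructed-demo-key-not-for-real-use"

def token(kind, value):
    """Keyed one-way token: the same input gives the same token, but only with INDEX_KEY."""
    msg = f"{kind}:{value}".encode("utf-8")
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()

def name_tokens(text):
    """One token per 3-character window of the lower-cased text."""
    t = text.lower()
    return {token("tri", t[i:i + 3]) for i in range(len(t) - 2)}

def index_row(name, dob):
    """Values to store in extra index columns beside the encrypted name and dob."""
    return {"tri": name_tokens(name), "month": token("month", dob.month)}

# Constructed sample people. In the real table the name and dob columns hold
# ciphertext; only the tokens built here would be stored in the clear.
PEOPLE = [
    (1, "Gary Smith", date(1980, 4, 12)),
    (2, "Margaret Jones", date(1975, 5, 30)),
    (3, "Edgar Poe", date(1990, 11, 2)),
    (4, "Helen Brown", date(1985, 4, 1)),
]
INDEX = [(pid, index_row(name, dob)) for pid, name, dob in PEOPLE]

def find_name_contains(fragment):
    """Ids of rows whose name holds every 3-character window of the fragment."""
    wanted = name_tokens(fragment)
    if not wanted:
        raise ValueError("fragment needs at least 3 characters")
    # For fragments longer than 3 characters these are candidates only:
    # decrypt them and re-check the substring in the application.
    return [pid for pid, idx in INDEX if wanted <= idx["tri"]]

def find_born_in_months(months):
    """Ids of rows whose birth month is one of the given month numbers."""
    wanted = {token("month", m) for m in months}
    return [pid for pid, idx in INDEX if idx["month"] in wanted]

if __name__ == "__main__":
    print(find_name_contains("gar"))    # names containing 'gar'
    print(find_born_in_months([4, 5]))  # born in April or May
```

The tokens show which rows share a 3-letter fragment or a birth month, so they leak more than ciphertext alone. Sort order is not covered by this index and still has to be applied in the application after decryption.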