I&#039;m in the process of designing a site to store personal information about individuals that a non-profit organization works with so that they can track and do necessary filing for their activities. Due to some of the information being sensitive, I&#039;ve been asked to make the site as secure as I can as part of my code.<BR><BR>As of right now, the site has a cookie based security system for authentication and all that fun stuff. For the site, as of right now, we&#039;re satisfied with that level of security. I&#039;m now turning my attention to the database, which contains this information. I&#039;ve looked through the security and authorization stuff on this site, and got some good ideas on it, but I was curious as to whether it is worth considering the idea of encrypting all the data going into and out of the database, just in case somebody gets access.<BR><BR>All I&#039;ve been able to find is discussions about encrypting passwords, but nothing talking about whether protecting all the data is worth doing, and how I should go about that. For example, where should I store the key that I&#039;m using?<BR><BR>Any advice or help to point me in the right direction would be really appreciated.<BR><BR>Thanks,<BR><BR><BR>Mat