What are the best practices for data encryption, especially in a web based environment. We are storing some sensitive information and it needs to be properly encrypted.
The end user will only access the data via https and they will be authenticated .. although I still wonder if that is enough.
Ideas?