Home Forums SQL Server 2012 SQL Server 2012 - T-SQL how to lock stored procedure code without encryption? RE: how to lock stored procedure code without encryption?

  • July 21, 2016 at 12:40 pm

    #1891430

    Sean Lange (7/20/2016)

    Eric M Russell (7/20/2016)

    Within the stored proceure, you could contain most of your T-SQL, or at least the most sensive parts, encrypted in a varbinary(max) variable. The symmetric key could then be supplied by the application as an input parameter. Use the key to decrypt the contents of the variable, and then execute the decrypted T-SQL text dynamically. However, even that could be defeated by the DBA using a SQL Profiler or SQL Audit event trace.

    And seriously...what t-sql could really be so sensitive? If there are business rules buried in there it is a good sign the business rules are in the wrong place.

    Yeah, it's sort of like the owner of a sandwhich shop who thinks his business has some unique and innovative way of slicing bread or dicing vegetables that gives them a competitive advantage over the deli across the street, so they paper over the windows and make all their kitchen staff sign a nondisclosure form.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho