How to Encrypt Database Objects in SQL Server 2008R2

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » SQL Server 2008 - General » How to Encrypt Database Objects in SQL Server...

15 posts, Page 2 of 2

««1 2

How to Encrypt Database Objects in SQL Server 2008R2

Rate Topic

Display Mode

Topic Options

Author

Message

Dev

Posted Thursday, December 01, 2011 11:46 PM

SSCrazy

Group: General Forum Members
Last Login: Wednesday, May 15, 2013 2:05 PM
Points: 2,013, Visits: 1,566

azhar.iqbal499 (12/1/2011)

Thanks.
I just want to save my database from any user at live, In case if He would be able to reach the database then He must not be able to see the code of database objects.
So What security meausres should I take to acheive this goal.

Thanks

I believe you need a proper User Access management than encryption. I would restrict a user at following levels...
Server Login Level
Database User Level
Schema Level
Object Level
Object level Encryption (SP / View)

~Dev~

Post #1215146

Perry Whittle

Posted Friday, December 02, 2011 2:14 AM

SSCertifiable

Group: General Forum Members
Last Login: Today @ 10:11 AM
Points: 5,242, Visits: 11,262

azhar.iqbal499 (12/1/2011)

In case if He would be able to reach the database then He must not be able to see the code of database objects.
So What security meausres should I take to acheive this goal.

Thanks

anybody granted access to the database will have public access which provides the ability to view certain objects. Exactly what is it you dont want users to see?

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" Wink

Post #1215203

EdVassie

Posted Monday, December 19, 2011 10:01 AM

SSCrazy

Group: General Forum Members
Last Login: Yesterday @ 5:46 AM
Points: 2,636, Visits: 2,788

The DBA of a production system will have rights to see all atabase objects.

If you use 'encrypted' stored procedures and functions, the DBA will not be able to view the contents of these in SSMS, but as Gail says this is just obfuscation and is trivial to reverse.

If this is an in-house application then you have next to zero justification for trying to hide your database objects from the production DBA. You just make your system less reliable to operate.

If this is a system that is to be sold, then normal practice is that you protect yourself with contractural agreements, not by trying to hide the internals of your system.

Author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2012, 2008 R2, 2008 and 2005. 4 June 2013: now over 24,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.

Post #1223929

Sagesh

Posted Thursday, October 11, 2012 6:19 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, June 07, 2013 7:25 AM
Points: 112, Visits: 160

Use WITH Encryption Keyword with all the SQL objects while installing on the production system.

Post #1371407

GilaMonster

Posted Thursday, October 11, 2012 6:37 AM

SSC-Dedicated

Group: General Forum Members
Last Login: Today @ 12:31 PM
Points: 38,089, Visits: 30,384

Sagesh (10/11/2012)

Use WITH Encryption Keyword with all the SQL objects while installing on the production system.

As I mentioned earlier in this thread, that's not actually encryption and it's trivial to reverse.

Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1371418

« Prev Topic | Next Topic »

15 posts, Page 2 of 2

««1 2

Permissions