Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Secure SQL Code within Database Expand / Collapse
Author
Message
Posted Friday, December 05, 2008 5:42 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Tuesday, April 15, 2014 10:46 AM
Points: 3,241, Visits: 4,987
In my scenario, I have to deploy the database to the Server owned by the Customer. Now All my business logic is written in the Stored Procedures and Functions. I am searching for such a solution so that I can secure my Stored Procedures and Functions. I know about 'With Encryption' Option, but it can be decrypted by any decryption tool available in the market very easily.

SQL Shield is another option but it has to be installed at each client along with the server, which makes it very expensive. I cannot run Encrypted SPs by SQL Shield on client machine if I dont exclusively install it on the client machine.

Also, the Server residing in the customer premises has Administrative rights on the server.

Can some one help me with this...?


----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Sometimes, winning is not an issue but trying.

You can check my BLOG here

Post #614415
Posted Friday, December 05, 2008 6:12 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 5:31 AM
Points: 10,910, Visits: 12,548
Really the WITH ENCRYPTION option or a third party tool is the only way to go if you are putting all the business logic in the database. Personally I don't believe in encrypting stored procedures because all too often someone else can see problems or provide a better solution.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #614447
Posted Friday, December 05, 2008 1:49 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, April 16, 2014 8:22 AM
Points: 375, Visits: 765
Agreed... the only real options are WITH ENCRYPTION and third party tools. Your other option... although it has a host of other issues is to use CLR/.NET stored procedures which offers a lot of protection options, but moves it out of T-SQL.
Post #614957
Posted Tuesday, December 16, 2008 9:55 PM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Tuesday, April 15, 2014 10:46 AM
Points: 3,241, Visits: 4,987
Any recommendation for the third party tool for this purpose?
I have checked BLOCKKK and SQL Shield in this regard. Any other option will be appriciated.


----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Sometimes, winning is not an issue but trying.

You can check my BLOG here

Post #620930
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse