Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Encrypting SQL Code

By Steve Jones,

This editorial was originally published on April 10, 2009. It is being re-run as Steve is on vacation.

I recently engaged in a discussion with someone that was building an application on SQL Server. This person had a bunch of SQL code that was being put in stored procedures and then being sent to client sites. The developers were worried about clients modifying their code and wanted to send "secure updates" to the client by encrypting the stored procedures and giving the clients the encrypted text.

Apart from the hassles of getting this to work, I asked by would they bother. There are decryption routines available and this isn't meant to be a secure way to hide your code. Heck, even application code can be decompiled, and if they're likely to mess with the code, they likely have the skills to get the source.

So for this Friday's poll, I'm wondering about how you feel about encrypting code in SQL Server. I want to know what you think.

Is there a point?

Is there a reason to encrypt stored procedure code? After all, there are many, many vendors that sell applications built on SQL Server, with stored procedures.  Most of that code isn't encrypted and it's usually not a problem. Most customers don't mess with the code and there are usually prohibitions written into support agreements.

Personally I don't think there are many great ideas, and likely very, very few in the database space, that are worth securing. Someone doesn't buy a software package so the can learn how you wrote it. Most of them buy software because it solves a problem and saves them time. If you can deliver a well performing, and good looking application, no one cares about the code.

But I'm curious what the rest of you think, both end users and software developers. Is there really a good reason to worry about encrypting your code?

Steve Jones


The Voice of the DBA Podcasts

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 568 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Podcast Announcements

Podcast Feeds

BLOG

Technical Podcasts I Listen To

There are a few podcasts I tend to listen to as I have time. Since I work with a wide...

BLOG

Podcasting

A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...

BLOG

Podcast Upgrades

A minor change for the podcasts next week. I got my wireless microphone, and I'm working with it a b...

ARTICLE

Encrypting Data

Encrypting data is the easy part of dealing with encryption and databases. Steve Jones talks about s...

Tags
editorial    
encryption    
friday poll    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones