Security in an SP
-
Hi Friends,
Pls help in on this...tired of searching in the Website
As of now we Know the way of Encrypting a stored procedure in SQL2000 by giving the code 'With Encryption' and the
code for decrypting the sp is also readily available in the Website. Can anyone help me with a more foolproof method wherein I can encrypt the sp with password. I mean to say that after i hve encrypted the sp with a password ,for decrypting the sp i shld need to pass the same password so that the sp can only be decrypted by the person who has encrypted it and not by anyone else.
Pls help me in this and the help is needed very urgently...
Thanks in Advance
-
I do not believe that this capability exists in SQL2000 or in SQL2005. If a user has read access and can create a stored procedure (freely available decrypting ones on the web) the encrypted stored procedure can be decrypted. Sorry ...
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
-
As Rudy as pointed out, there is no capability for this. In SQL Server 2000 if I hold CREATE PROCEDURE rights, I can use the code originally developed by ShoeBoy to decrypt the procedure. If I have sysadmin rights, I can use dOMNAR's program. The WITH ENCRYPTION is only designed to stop the merely curious. It won't prevent anyone who desires to see the contents of your code.
Trying to obscure this in compiled code won't work either, BTW, at least not in SQL Server 2000. A DBA can simply run a Profiler trace to see the T-SQL code as it gets passed to SQL Server.
K. Brian Kelley
@kbriankelley
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply