• My goal WITH ENCRYPTION is not so much to "secure" our code base.

    It's the same as with .NET or Java code.

    Just some decent obfuscation.

    But, obfuscation is good enough to prevent 99.9% of the clients from snooping around the code and finding "bugs" or proposing "optimizations", or even worse replacing directly some SQL code with their own "optimized" versions.

    Additionally, clients who are a bit tech-savvy might be tempted to "study" our SQL code and think of it as a "public" API that they can use to write additional code for their own purposes. Then when our upgraded version arrives, their code might break and we will have endless and totally unneeded support cycles.

    Similarly, with upgrades, why should I give the chance to a client to look at what changed *internally* in the DB? What would be the benefit? It can only lead to trouble and unnecessary discussion about this and that.

    That's why I would like some sort of obfuscated file that can be executed by a readily available tool, like SQLCMD.

    Otherwise, I will write my own 🙂