vikingDBA (4/29/2013)
"You may as well keep the SP in cleartext"While some people know how to decrypt encrypted stored procedures, I personally subscribe to bad guys the same way I subscribe to a tornado, "Keep as many barriers as you can between you and the storm."
It may not keep the most resourceful or intelligent bad guy from getting it, but it could keep the casual hacker from it. Any day is a good day when your company doesn't end up in the headlines of the news for a data breach.
Just my 2 cents.
+1. In this case it's not really encryption, more like obfuscation, and security by obfuscation is not really security. As long as you know that and are addressing other attack vectors with equal vigilence you'll be fine. Each attack vector should be given its due so I agree with your thinking 100% and the overall sentiment behind your comment, if I am reading it right. The more barriers you can place in front of an attacker, internal or external, the better off you'll be and the better chance you'll have at preventing a breach.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato