Sign all stored procedures with a Certificate.

  • Hello,

    My company is going about ever increasing our security on all our Servers/databases. The question proposed to me was "can we sign all our SP with a certificate?"

    I figured it is doable but my question is, is it advisable? We would most likely use the azure key vault connector to store secrets that way but I am unsure the impact signing our SP would cause on our DBs. I was wondering if anyone had any first hand knowledge on doing this on a large scale.

    Thanks!

  • I am not sure what you hope to achieve by signing all the SPs with a certificate. I have only ever signed t-sql SPs when ownership chaining is not going to work or server level permissions are required.

    Maybe you are selling an application in which case you could sign the SPs with a certificate to detect alterations by customers.

    The following paper, by Eland Sommarskog, is worth reading as it contains a lot of information on how to handle certificates.

    Packaging Permissions in Stored Procedures

    • This reply was modified 1 month, 1 week ago by  Ken McKelvey.
  • This was removed by the editor as SPAM

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply