|
Subject:
|
Stored Procedure with Encryption
|
|
Posted By:
|
SATU
|
Post Date:
|
11/8/2006 9:03:10 AM
|
Hello
I have to install a system in our Client
and I need to protect my code
I want to know if somebody have experience with the "store procedure with encriptyon"
Thanking in advance
Gustavo Saturansky
System Manager
CARD MINING
|
|
Reply By:
|
Jeff Moden
|
Reply Date:
|
11/8/2006 9:34:02 AM
|
Not much but I understand that it's very easy to break that built in encryption... I've seen several web sites where they tell how to break it... still, it will keep the honest man honest.
--Jeff Moden
|
|
Reply By:
|
SATU
|
Reply Date:
|
11/9/2006 8:31:04 AM
|
Jeff
Thanks for your answer
But i think because of my poor english, i couldn't explain my doubt
The only thing that i want to know
" Is the With Encryption property safe enough ?"
Thanks
Gustavo Saturansky
System Manager
CARD MINING
quote:
Originally posted by Jeff Moden
Not much but I understand that it's very easy to break that built in encryption... I've seen several web sites where they tell how to break it... still, it will keep the honest man honest.
--Jeff Moden
|
|
Reply By:
|
SQLScott
|
Reply Date:
|
11/9/2006 1:14:08 PM
|
Define "safe enough". Here is what BOL says about WITH Encryption:
Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server 2005. Users that have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users that can either access system tables over the DAC port or directly access database files. Also, users that can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime. For more information about accessing system metadata, see Metadata Visibility Configuration.
That is as safe as you are going to get.
Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTitle/productCd-0764597922.html
|
|
Reply By:
|
SATU
|
Reply Date:
|
11/9/2006 1:23:20 PM
|
Thanks for your response
quote:
Originally posted by SQLScott
Define "safe enough". Here is what BOL says about WITH Encryption:
Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server 2005. Users that have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users that can either access system tables over the DAC port or directly access database files. Also, users that can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime. For more information about accessing system metadata, see Metadata Visibility Configuration.
That is as safe as you are going to get.
Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTitle/productCd-0764597922.html
Gustavo Saturansky
System Manager
CARD MINING
|
|
Reply By:
|
SQLScott
|
Reply Date:
|
11/9/2006 1:58:26 PM
|
I hope our responses helped. I think we are just trying to understand what you mean by "safe enough". That all depends on your definition of "safe". If we haven't answered your question satisfactorily, please let us know and we can try again.
Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTitle/productCd-0764597922.html
|
|
Reply By:
|
Jeff Moden
|
Reply Date:
|
11/9/2006 7:23:40 PM
|
Scott is pretty much on the money...
If "safe enough" means that the client will never be able to see your code in clear text, the answer is "No"... it is not safe enough.
--Jeff Moden
|
|
Reply By:
|
SATU
|
Reply Date:
|
11/10/2006 7:39:03 AM
|
Scott
Thank you again
Your answer have been satisfactorily.
Regards
quote:
Originally posted by SQLScott
I hope our responses helped. I think we are just trying to understand what you mean by "safe enough". That all depends on your definition of "safe". If we haven't answered your question satisfactorily, please let us know and we can try again.
Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTitle/productCd-0764597922.html
Gustavo Saturansky
System Manager
CARD MINING
|
