Stored Procedure with Encryption

SATU · November 8th, 2006, 10:03 AM

Hello

I have to install a system in our Client
and I need to protect my code
I want to know if somebody have experience with the "store procedure with encriptyon"

Thanking in advance

Gustavo Saturansky
System Manager
CARD MINING

Jeff Moden · November 8th, 2006, 10:34 AM

Not much but I understand that it's very easy to break that built in encryption... I've seen several web sites where they tell how to break it... still, it will keep the honest man honest.

--Jeff Moden

SATU · November 9th, 2006, 09:31 AM

Jeff
Thanks for your answer
But i think because of my poor english, i couldn't explain my doubt
The only thing that i want to know

" Is the With Encryption property safe enough ?"

Thanks

Gustavo Saturansky
System Manager
CARD MINING

Quote:

quote:Originally posted by Jeff Moden
Not much but I understand that it's very easy to break that built in encryption... I've seen several web sites where they tell how to break it... still, it will keep the honest man honest.

--Jeff Moden

SQLScott · November 9th, 2006, 02:14 PM

Define "safe enough". Here is what BOL says about WITH Encryption:

Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server 2005. Users that have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users that can either access system tables over the DAC port or directly access database files. Also, users that can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime. For more information about accessing system metadata, see Metadata Visibility Configuration.

That is as safe as you are going to get.

Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTit...764597922.html

SATU · November 9th, 2006, 02:23 PM

Thanks for your response

Quote:

quote:Originally posted by SQLScott
Define "safe enough". Here is what BOL says about WITH Encryption:

Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server 2005. Users that have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users that can either access system tables over the DAC port or directly access database files. Also, users that can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime. For more information about accessing system metadata, see Metadata Visibility Configuration.

That is as safe as you are going to get.

Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTit...764597922.html

Gustavo Saturansky
System Manager
CARD MINING

SQLScott · November 9th, 2006, 02:58 PM

I hope our responses helped. I think we are just trying to understand what you mean by "safe enough". That all depends on your definition of "safe". If we haven't answered your question satisfactorily, please let us know and we can try again.

Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTit...764597922.html

Jeff Moden · November 9th, 2006, 08:23 PM

Scott is pretty much on the money...

If "safe enough" means that the client will never be able to see your code in clear text, the answer is "No"... it is not safe enough.

--Jeff Moden

SATU · November 10th, 2006, 08:39 AM

Scott

Thank you again
Your answer have been satisfactorily.

Regards

Quote:

quote:Originally posted by SQLScott
I hope our responses helped. I think we are just trying to understand what you mean by "safe enough". That all depends on your definition of "safe". If we haven't answered your question satisfactorily, please let us know and we can try again.

Scott Klein
Author - Professional SQL Server 2005 XML
http://www.wrox.com/WileyCDA/WroxTit...764597922.html

Gustavo Saturansky
System Manager
CARD MINING