Re: Questions about WITH ENCRYPTION
From: Andrew John (aj@DeleteThismistrose.com)
Date: 05/04/02
- Next message: Lee Fuller: "Hiding Databases in SQL Ent Manager"
- Previous message: Prakash K Reddy: "User mangement for a database applicaiton"
- Next in thread: Erland Sommarskog: "Re: Questions about WITH ENCRYPTION"
- Maybe reply: Erland Sommarskog: "Re: Questions about WITH ENCRYPTION"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Andrew John" <aj@DeleteThismistrose.com> Date: Sat, 4 May 2002 23:57:10 +1000
Paul,
There were 3rd party tools available that could decrypt on earlier versions.
But I think the encryption is stronger on 2k.
A search through the archives of this newsgroup confirms this, and
turns up some interesting posts. www.google.com is one way to do this.
In a development environment encryption ( like security ! ) is
a right pain. But it is a good way to force all developers to use
your version control system (eg SourceSafe), as the code is
inaccessible for adhoc editing.
You need to be careful assuming you will get the StoredProcedure
back using :
> > Other than alteringing the stored procedure and removing the WITH
> > ENCRYPTION
> > clause, is there any other way to decrypt the stored procedure?
Because it wont work unless you have the clear text of the stored procedure.
In a production environment we considered using Encryption, but decided not
to as it would slow down any debugging / fault finding. Without encryption you
could use security to prevent access, except by SA.
If you have no choice but to use WITH ENCRYPTION to protect your intellectual
property, then it is the old trade off of security vs ease of use.
Where on the spectrum you want to sit, is up to you.
Regards
AJ
"Paul Delcogliano" <pdelco@progsys.com> wrote in message news:#MnAFlh8BHA.2108@tkmsftngp05...
> Robert,
>
> You mentioned that there were 3rd party tools available that can decrypt the
> stored procedures. Can you give me any more information about those tools?
>
> Thanks.
>
> "Robert Ellis" <robert.ellis3@nospam.virgin.net> wrote in message
> news:eY7khZh8BHA.820@tkmsftngp05...
> >
> >
> > --
> > --
> > Kind Regards,
> >
> > Robert A. Ellis, MCSD
> > Software Developer
> >
> > "Paul Delcogliano" <pdelco@progsys.com> wrote in message
> > news:#bz2LVh8BHA.1096@tkmsftngp02...
> > > Hi all,
> > >
> > > I just recently started using the WITH ENCRYPTION clause when I create
> > > stored procedures in SQL Server 2K. It seems like a really useful
> feature
> > > for hiding the stored procedure's definition. I was wondering if anyone
> > has
> > > any experience with encrypting stored procedures in a production
> > > environment. I have the following questions...
> > >
> > > Is there any performance penalty when executing an encrypted stored
> > > procedure?
> >
> > I believe not.
> >
> > >
> > > Other than alteringing the stored procedure and removing the WITH
> > ENCRYPTION
> > > clause, is there any other way to decrypt the stored procedure?
> > >
> >
> > Yes, but not using SQL Server. You can get 3rd party software that
> decrypts.
> >
> > > How secure is the encryption -- is it easy for a "hacker" to break the
> > > encryption and read the contents of the stored procedure?
> > >
> >
> > No idea how strong the encryption is, if that is what you mean.
> >
> > > What are the drawbacks, if any, to using WITH ENCRYPTION?
> > >
> >
> > The inconvenience of not being able to view them through the normal client
> > tool interface (EM).
> >
> > > Any help is greatly appreciated. Thanks.
> > >
> > >
> >
> >
>
>
- Next message: Lee Fuller: "Hiding Databases in SQL Ent Manager"
- Previous message: Prakash K Reddy: "User mangement for a database applicaiton"
- Next in thread: Erland Sommarskog: "Re: Questions about WITH ENCRYPTION"
- Maybe reply: Erland Sommarskog: "Re: Questions about WITH ENCRYPTION"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
