Re: Encrypt SQL Command to any SQL Server

From: Dejan Sarka (dejan_please_reply_to_newsgroups.sarka_at_avtenta.si)
Date: 03/01/04 

Date: Mon, 1 Mar 2004 15:43:02 +0100

Just a small addition - if you really need good encryption of your objects,
onsider using a 3rd party tool like
http://www.ecatenate.com/dblockdown_product_info.html. 

-- 
Dejan Sarka, SQL Server MVP
Associate Mentor
Solid Quality Learning
More than just Training
www.SolidQualityLearning.com
"Dan Guzman" <danguzman@nospam-earthlink.net> wrote in message
news:uLnYMm5$DHA.2448@TK2MSFTNGP12.phx.gbl...
> To add to the other responses, SQL Profiler will hide text that contains
> sensitive commands like 'sp_password'.  Consequently, you can include a
> comment with this text in the batches you want to hide like the example
> below.
>
> Note that object text encryption is basically just obfuscation.  A
> determined user could reverse engineer the object to view the source.  To
> protect your intellectual property, you should explicitly state in your
> license agreement that reverse engineering of your application code,
> including SQL objects, is prohibited.
>
>
> CREATE PROC usp_EncryptedProcedure1
> WITH ENCRYPTION
> AS
> --sp_password
> SELECT 'this create will not appear in profiler'
> GO
>
> CREATE PROC usp_EncryptedProcedure2
> WITH ENCRYPTION
> AS
> SELECT 'this create will appear in profiler'
> GO
>
>
> -- 
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
>
> "Pedro Gonçalves" <anonymous@microsoft.com> wrote in message
> news:%23ZRLGYu$DHA.2336@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > I'm a developer and in my applications I send commands to the SQL Server
> > databases to create, or recreate, Stored Procedures, Functions and
> Triggers.
> > Recently I realize that my clients, using SQL Profiler, could see the
code
> > of that functions, SPs and Triggers, and even change it after they know
> it.
> > This means that my intellectual property is not safe, and the clients
has
> > access to my source code.
> > I want to know if there is same way to encrypt the commands that I send
to
> > any SQL Server database in order to not being seen at profiler, at least
> for
> > that kind of commands.
> > I notice that profiler automatically not show commands like sp_addlogin
> > stored procedures...
> >
> > Thanks for your help,
> > Pedro Gonçalves
> >
> >
>
>

Relevant Pages

  • Re: SQL or Access DB
    ... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
    (microsoft.public.dotnet.languages.vb)
  • RE: Views
    ... you must understand that SQL Server 2000 does not support ... database data encryption as such. ... following method in the KB below to enhance the security. ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.sqlserver.programming)
  • Re: Protecting database from administrators
    ... >> there is no encryption while at rest it must still be secure. ... >> All the security MS has offered is weak. ... If it is attached to SQL Server ...
    (microsoft.public.sqlserver.security)
  • Re: MSDE Security (aka users looking at my apps database)
    ... > I have been called in more than once to untangle all sorts of developer ... let's think about a genious tool, RAC by SQL Server MVP Thanh Ngo.. ... even if SQL Server encryption has been defeated... ... think to privacy protection for sensible data... ...
    (microsoft.public.sqlserver.msde)
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    ... There are very dissenting opinions on that in the SQL Server community. ... you are in this situation you are quite happy that you can decrypt the ... How would a safe encryption method be implemented? ... private key, SQL Server must have access to that private key. ...
    (comp.databases.ms-sqlserver)