Re: Stored Procedures

From: Andrew J. Kelly (sqlmvpnooospam_at_shadhawk.com)
Date: 07/14/04 

Date: Wed, 14 Jul 2004 14:05:36 -0400

There really is no way to prevent a determined user from viewing the procs
if they have access to the server. The way to protect your investment is to
copywrite the material and have a very solid licensing agreement. 

-- 
Andrew J. Kelly  SQL MVP
"Ethan" <anonymous@discussions.microsoft.com> wrote in message
news:2cca401c469be$cef93dc0$a401280a@phx.gbl...
>
> My application is installed on SQL servers at client
> sites.  I want to prevent clients from seeing the logic in
> the stored procedures.
>
> I initially thought the "with encryption" option would do
> the trick.  However a simple search returned the decrypt
> stored procedure.  I am not interested in third party
> encryption products because I don't want to install them
> at client sites--or pay for them.  Is there any way to
> accomplish this?  Does anyone know if MS plans to improve
> the encryption?
>
> I was also thinking that I would send the majority of the
> logic (sql string) as one of the parameters.  Is there any
> performance hit if I send the entire sql string to
> a "blank" stored procedure?
>
> Even with this method, I believe the client would still be
> able to see my sql string using SQL Profiler and other
> tools.
>
> As a vendor, is there any way to prevent clients from
> making changes to tables and stored procedures.  It seems
> that as long as the client controls the sql server, we
> have way to prevent this.  For example, in MSAccess you
> can set permissions for the backend file and prevent even
> the highest level users at a client site from making
> changes.
>
> Thanks,
> Ethan
>
>

Relevant Pages

  • Re: DataSet.GetChanges() in RowChanged(DataRowAction.Add)
    ... have you considered SQL Express and use ... > I realize now that I didn't describe well how the client application is ... > Framework installed on the client machine, but not any SQL Server). ... > 20 tables in different relations with eachother in the database, ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: SBS 2003 and Sql Server ~ Client Install
    ... I've found the client tools and have now successfully installed them. ... Access front end to a SQL database, Excel can be a front end, A word mail merge document could access a SQL database via ODBC. ... We are trying to install the client software. ... We understand that a Northwind training database is available for SQL Server. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: SBS 2003 and Sql Server ~ Client Install
    ... I've found the client tools and have now ... A word mail merge document could access a SQL database via ... We want to install to gain an understanding. ... Once we've managed to install the SQL Server Client we can start to ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: TDS vs. TCP
    ... I start capturing the network traffic between SQL ... Server and the client. ... I don't see any TDS packets but the communication between SQL ... stand-a-lone server and the client, ...
    (microsoft.public.sqlserver.clustering)
  • Re: Store procedure vs Direct statement ???
    ... sql also executes on the server. ... In response to your example of stored procedures having a security advantage ... When you give users permission to access tables you must be aware you have given ...
    (microsoft.public.dotnet.framework.adonet)