Re: is WITH ENCRYPTION now safe in SQL2005?

---

• From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
• Date: Sun, 6 Nov 2005 14:38:06 +0000 (UTC)

---

helmut woess (hw@xxxxxx) writes:
> Yes, everything has two sides. But i never touch foreign stored procs for
> repairing something! If a customer has a problem with a software not from
> me, then he has to clear this with his vendor - or he can change his
> software and work with my solution.

I think there are a lot of people out there who can tell you horror stories
of third-party vendors that for one reason or another do not offer support.
The company may folded, or the support fees is simply outrageous.

> Yes, i know, i don't like extended stored procs too, but i know no other
> way to secure a stored proc. And disassembling is much more harder then
> reading a clear text. I need not 100% security, but it should not be sooo
> easy to decrypt the source.
>...
> I want to prevent damage before it can happen because i have not the time
> nor the money to bring an action against somebody.

Look, if someone is dead set on stealing your code, disassembling is not
going to stop him.

In older versions of SQL Server, SQL Server did in fact stored some sort
of "object code" in sysprocedures. This was abandoned with the re-
architecture in SQL 7. This also resolved some gotchas that came with
the old arrangement and the final result is a cleaner architecture.


--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp

.

---

• References:
  • is WITH ENCRYPTION now safe in SQL2005?
    • From: helmut woess
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    • From: Mike Epprecht \(SQL MVP\)
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    • From: Erland Sommarskog
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    • From: helmut woess
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    • From: Erland Sommarskog
  • Re: is WITH ENCRYPTION now safe in SQL2005?
    • From: helmut woess

• Prev by Date: Re: is WITH ENCRYPTION now safe in SQL2005?
• Next by Date: Re: commit and rollback problem
• Previous by thread: Re: is WITH ENCRYPTION now safe in SQL2005?
• Next by thread: Re: newby - AUTOINCREMENT problem.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Dynamically selected columns with column switch option ... the middle tier passes to the stored procs. ... So we are facing a design problem here. ... they might have to add new requests with new column sets. ... broad SELECT statements will force the sql server to produce huge ... (microsoft.public.sqlserver.programming) Re: is WITH ENCRYPTION now safe in SQL2005? ... > There are very dissenting opinions on that in the SQL Server community. ... > for one reason or another do not get good support from the vendor. ... How would a safe encryption method be implemented? ... about disassemled stored procs from firebird. ... (comp.databases.ms-sqlserver) Re: Encrypting SQL objects ... objects, i.e. Stored procs, Views, triggers. ... engine must be able to read the source code at run to be able to compile ... And if SQL Server has access to it, ... (microsoft.public.sqlserver.security) ADO error handling when connecting to SQL Server 2000 ... I use Delphi to connect to SQL Server 2000 using the ADO components. ... executing stored procedure that makes some calls to another stored procs. ... (microsoft.public.sqlserver.programming)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.databases.ms-sqlserver  > 2005-11