We can precompile our (ASP.NET) websites and can publish only the IL code, so that the source code is not available to the customer.
But how do we do it for stored procedures written in SQL Server? I mean, when we give the customer the DB, he could see all my stored procedures and can modify the same… How could I protect it?
Thanks
Raja
An old problem. Here are a few answers I’ve picked up here and there:
Encrypt the stored procedures. As has already been pointed out twice, this doesn’t really work, as 5 minutes of Googling will find several hacks.
Write the stored procedures as CLR procedures. Harder to hack than “regular” stored procedures, probably a lot more effort to produce and support.
Submit all queries dynamically from your compiled IL code. I understand it can be done reasonably secure from SQL injection attack, but make darn sure before you release. (Maybe use LINQ to do this?)
Convert all database object names (tables, columns, procedures) to GUIDs or random gibberish. They could read it, but that wouldn’t help much.
I am not totally conversant on encryption within SQL 2005 and up. I really don’t think you can use it on code-based objects (procedures, functions, etc.), but maybe you can?
But by and large, once you give a copy of your database to someone with SysAdmin rights, they can do pretty much anything they want with it.
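Added example, not part of the original posts: what the "encrypt the stored procedures" option looks like in T-SQL on SQL Server 2005 and up, with a pre-release check for modules that would still ship with readable source. The object names (dbo.Orders, dbo.usp_GetOrders, app_readers) are hypothetical, and as the answer says, none of this constrains a login with SysAdmin rights.

```sql
-- Constructed sample objects; all names here are hypothetical.
CREATE TABLE dbo.Orders (
    OrderId    int   PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
GO

-- WITH ENCRYPTION stores the module text in obfuscated form.
CREATE PROCEDURE dbo.usp_GetOrders
    @CustomerId int
WITH ENCRYPTION
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO

-- The catalog no longer returns the source: definition comes back NULL.
SELECT o.name,
       OBJECTPROPERTY(o.object_id, 'IsEncrypted') AS is_encrypted,
       m.definition
FROM sys.objects AS o
LEFT JOIN sys.sql_modules AS m ON m.object_id = o.object_id
WHERE o.object_id = OBJECT_ID(N'dbo.usp_GetOrders');

-- Pre-release check: user modules that would still ship with readable source.
-- Run as a database owner, since definition is also NULL without permission.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name, o.name, o.type_desc
FROM sys.sql_modules AS m
JOIN sys.objects AS o ON o.object_id = m.object_id
WHERE m.definition IS NOT NULL
  AND o.is_ms_shipped = 0;

-- Ordinary users: may execute, may not read definitions.
-- This has no effect on sysadmin logins, which bypass permission checks.
CREATE ROLE app_readers;
GRANT EXECUTE ON SCHEMA::dbo TO app_readers;
DENY VIEW DEFINITION ON SCHEMA::dbo TO app_readers;
GO
```

Keep the unencrypted scripts in source control, because the server will not hand the text back once a module is created WITH ENCRYPTION.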