Reputation: 3610
How to protect SQL Server stored procedures
We have an application that relies on some pretty interesting and complex MS SQL stored procedures. Now we want to use the database with those procedures in a shared environment. Is there a way to secure/encrypt/whatever so that the contents of those stored procs cannot be read (copied) by the server administrator?
Upvotes: 3
Views: 1896
Answers (3)
Reputation: 6584
You can obfuscate the text with the WITH ENCRYPTION clause but this isn't true encryption. You could also go the CLR route which essentially calls a DLL but I think this could have performance implications.
I dont think you should give sa access to anyone you don't trust enough to view stored procedure code, and if your code is really so top-secret I wonder why you're even using a shared hosting environment in the first place?
If you can't get out of the shared environment, at least try and get your own instance which only you have sa access to.
Upvotes: 0
Reputation: 280272
You can create a procedure WITH ENCRYPTION but this only protects you from casual prying (it's not really encryption in the strictest sense, more like obfuscation), since there are many resources online that will show you how to decrypt.
If you have important business logic, put it into CLR. That will protect you from some of the prying, but a determined person will still find a way to decompile your stuff.
Upvotes: 2
Related Questions
- how to secure a valuable stored procedure in sql server
- SQL Server - Protect my stored procedures
- Security in SQL Server
- EF or Stored procedure security
- SQL Server restrict user to selected stored procedures only
- Making a SQL Server Stored Procedure Safe from SQL Injections
- How to control access to a Stored Procedure in SQL Server?
- sql 2005 - strategy for restricting access via stored procedures only
- sql server 2008 security