September 24, 2015 at 7:55 am
Eric M Russell (9/24/2015)
As a side note, it appears that SQL Server does take at least some measures to respect the intent of stored procedure compiled using the "with encryption" option, by blocking the T-SQL at runtime from appearing in SQL Profiler traces and execution plan display.http://stackoverflow.com/questions/15840543/sql-server-profiler-suddenly-says-encrypted-text
Yes, this is true. I don't know if it is true for Extended Events, although I would assume it is.
Of course, as has been mentioned, 3rd party tools decrypt encrypted stored procedures, so it really isn't any protection. Any DBA or true SQL Developer is going to decrypt an encrypted object when there are issues anyway. I've done it many times and I've yet to find anything worth protecting, other than the reputation of the person who wrote the procedure with nested cursors when a single statement would have worked just fine.
If you really want to protect your IP don't put your business logic in the database beyond keys and constraints. Put it in the application code and use an obfuscation tool.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing post 16 (of 15 total)
You must be logged in to reply to this topic. Login to reply