Encrypt Stored Procedure

  • I have built a stored procedure that I would like to encrypt. 

    Are there other alternatives, or what are the options?

    Can it be converted to a dll?

    Maybe I'm out of my mind!

     

    Thanks!

  • You can use WITH ENCRIPTION on the procedure declaration, you can create an exteded stored procedure using C++, you can create COM Component and use sp_OA* calls but the real question is:  why do you want that?

     


    * Noel

  • Thanks for the multiple suggestions!

    There are two reasons. 

    First and Foremost, Security:  I've built some very useful SP's that analyze certain aspects of the CRM system.  The clients also have inhouse users with access to SQL.  I cannot control their security as this is defined by them.  I have experience with client employees messing with stuff I built and I take the heat for things breaking.

    Resell:  There are other legal obligations not to discuss here, but I want to deploy this to other clients.  However, I do not want competitors taking my code if at all possible.

    Thanks again!!

     

  • Just go with the with encryption.

    Make sure that you have backups of the code cause you won't be able to access it again.

    However I must tell you that there are some working de-encrypters that work, so they might find out anyways.

  • Like explained above "with encryption" is the easiest and more portable but it can be decripted. If you really need protection only extended stored procedures will help you ("a bit") in keeping IP. The other way is to put the core logic in the application but don't know really the details!

    Good luck

     

     


    * Noel

  • OK encrypt your procs but make sure that you have scripts should you need to get hold of them. Frankly it is more trouble than it is worth.

    I wouldn't worry too much about people stealing you procs. Without the database schema and a intimate knowledge of your app they are not much use.

    If you are worried about customers ruining your app by fiddling where they shouldn't then as part of the support provision you should have the facility to request a backup of their database.

    Again, when I was working with CMS systems the better vendors would request detailed platform information plus a list of steps that would reproduce the error or that were taken to get the error.

    One question they would ask was "can you reproduce the error in your environment"? If an error cannot be reproduced then it could easily be user error rather than a system fault. However, if the error can be reproduced in their environment but not yours it could indicate that they have been meddling.

    If you can get a backup of their system then there are tools out there to compare the databases are report on the differences.

  • Thank you all for the replies.  All very understandable and appreciated!

    Quick question:  If I wanted to create an Extended SP, it sounds like I need Visual Studio or equivalent.  Does it require knowledge of C++ language, or is there a very understandable wizard that is available?  I'm a novice T-SQL user who can get things done, but never touched C anything.

     

    TIA

  • How to decrypt a SP...

  • Search on this site or the web... quite easy to find.

  • So much fuzz in vain... and what if the users (who has access) fires up profiler and there sees the entire (decrypted) procedure when it's executed..

    /Kenneth

  • I looked into creating extended stored procedures but I found that they were more trouble than they were worth.

    I took to creating ActiveX DLLs and using sp_OACreate etc to instantiate them.

    With SQL2005 and the CLR I won't even have to bother doing that.

Viewing 11 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply