July 17, 2014 at 5:38 am
Hi All
I need to use a stored procedure/function to circumvent the userโs normal security context to return data from a table the user/application normally does not have direct access to. That solution works fine but leaves me with a issue.
How do I secure the code of stored procedure/function against manipulation? Iโm not concerned about the client seeing the code of the stored procedure/function. My concern is to ensure the code has not been changed! How can I detect or prevent that on the client's server?
All my attempts so far (like querying against SYS.SQL_MODULES to verify the code) seem only to work for database administrators. Unfortunately my application has to run on lower privileges.
July 17, 2014 at 5:46 am
Quick thought, have you looked into EXECUTE AS
๐
July 17, 2014 at 7:32 am
Thank you very much!
An "EXECUTE AS OWNER" seems to resolve it ๐
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply