How to encrypt database objects

  • Hi...

    Is there any way by which I can encrypt restrict to view definition of my database objects apart from using "With Encryption" keyword or "Access Control through user security".

    With Encryption will work for procedures and functions. But DAC Admin will have privileges to decrypt this encrypted procedures/functions

    Is there any third party tool or algorithm to do complete encryption so that nobody can see or alter the definition of the table

  • nope;obfuscating table definition itself is not possible. I'm sure you feel proud of your design, and feel someone could possibly reverse engineer some of your business practices simply by looking at the table design, but that is not something you should really concern yourself with.

    If you are going to take advantage of SQL server, you've got to expose some information, object names and their design/definition is one of them.

    as for hiding the proc and function definitions, all you can do is make it a little harder for any admin, he'd still be able to get to it if he wanted to/needed to.

    you could host the database yourself, instead of allowing the database to be onsite, and then use a logon trigger to prevent people from connecting with anything like SSMS/QA etc, so it makes it harder for end users to see the structure.

    why do you feel you need to hide the structure? aren't your customers allowed to create their own reports for their data, that happens to be in a database you designed? is that in your customer service agreement, that they can't see the structure? that would be a common business assumption, that the DATA is their data, and they can do with it what they want, and you might get yourself in a legal tango if you prevent a customer from accessing their own data. if you put roadblocks to accessing their own data, you could easily be liable for any issues that causes.

    as an example, the application we have at work says their data is their data, whent hey stop using the application it is still their data. they cannot modify the tables provided outside of the application without consulting us,that they can add any views they want, but no triggers, as a trigger could be written incorrectly and prevent data from being inserted, which would make us assume our app had a problem, but it was actually the hidden trigger.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • Thanks Lowell,

    Our company is a product development company, we have a product through which online assessments can be conducted. We have two kinds of hosting.

    We will distribute our application along database to clients who want to use them. The deployment part of the application is difficult as there will be multiple test centers where we will deploy our application.

    (This type of deployment is purely for the LAN network, without internet connection).

    In another scenario we have centralized server where we will host the application in our own server and there we don't need any kind of decryption

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply