Preventing thieves from reverse engineering stored procedures

  • I would argue that the database access code, queries, reports, etc. aren't done with a lot of research and development. The techniques for querying data aren't that hard to learn, and the techniques have to be well understood for you to tune things and for customers to understand what you are doing.

    My advice would be to stop worrying about your competitors taking stored procedure code, which likely isn't worth stealing, and build a better product. If a competitor has a similar product, then you can examine their code and if it's a copy, sue them. It's a better solution than spending a lot of development time trying to hide what you think are trade secrets, and very rarely are.

  • which likely isn't worth stealing

    Really? 😉 You did see it? You have used it? You know exactly how much money it already brings to us? :hehe:

  • sdffdfad faadffad (2/22/2011)


    And what would you advise to us? To serve to all the competitors de-facto source code on golden plate and share with them results of years of research and development? What about the money spent on investments? Or move to other business? Definitely no! I do agree it is never ending game but we have to do it.

    Like stated several times before: all you can do is to host your DB locally and provide a webservice for access.

    Other than that you'd need to rely on copyright or other legal agreements.

    I'd really like to know what super-intelligent one-of-a-kind no-one-ever-before-came-up-with code you're trying to protect... Care to name the product?



    Lutz
    A pessimist is an optimist with experience.

    How to get fast answers to your question
    How to post performance related questions
    Links for Tally Table, Cross Tabs and Dynamic Cross Tabs, Delimited Split Function

  • sdffdfad faadffad (2/22/2011)


    DBAs have very little to do with the buy or not to buy decisions in the real world. Competitive design and price and - that's what's all about.

    I would beg to differ here. I know that I would stand totally opposed to a product that forced us to allow CLR and would want a full assessment of all the CLR that would be running as part of the product before I let it in my environment. I'll be surprised if others have different opinions on this.

    ...and management would support me - thankfully.

    David

    @SQLTentmaker

    “He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot

  • sdffdfad faadffad (2/22/2011)


    DBAs have very little to do with the buy or not to buy decisions in the real world. Competitive design and price and - that's what's all about.

    And everybody steals everybody's code all of the time in this real world? :hehe:

    I'm guessing this is a spam post of sorts.

    Carlton.

  • OK. I was wrong, very wrong. But thankfully, I met this website and all of you - wise and highly experienced pros - who let me know the truth and the truth made me free. From tomorrow we are moving to open source under GNU and start distributing for free. God bless you all! Thanks!!!

  • I'm not saying you're wrong. But in two decades of working with all sorts of companies, almost nothing I've seen is worth protecting on the database side. Accounting software, imaging software, reporting software, computer controlled manufacturing, all of it has some neat techniques, but all of the operation is easily deduced from understanding the data manipulation.

    You might be the exception, and only you would know that, but most of the time it isn't worth worrying about.

    So many companies have their code open, and it's not copied or stolen. Why? Because any company selling the same code can get sued, and easily lose if they've sent that code to a customer. It's just not worth taking the code.

    Again, you would know better than us what your system does, but I can tell you that many companies out there, thousands of them, make money selling their software with stored procedures easily viewed.

  • sdffdfad faadffad (2/22/2011)


    And what would you advise to us? To serve to all the competitors de-facto source code on golden plate and share with them results of years of research and development? What about the money spent on investments? Or move to other business?

    If your code is that valuable, the only option that will protect you is to host the SQL server yourself and never give the clients the databases. Anything else is just hindering and you're fooling yourself if you think it will help.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • Steve Jones - SSC Editor (2/22/2011)


    Again, you would know better than us what your system does, but I can tell you that many companies out there, thousands of them, make money selling their software with stored procedures easily viewed.

    Including Microsoft. Not one of their products that uses SQL encrypts the stored procedures.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • GilaMonster (2/22/2011)

    If your code is that valuable, the only option that will protect you is to host the SQL server yourself and never give the clients the databases. Anything else is just hindering and you're fooling yourself if you think it will help.

    I have seen the necessity of this and I know that they were still able to sell the service as the algorithms that they had defined were so unique that no one else had them. They knew they couldn't let that information out and they were able to host internally and it worked fine. Obviously not ideal but still viable.

    I'm certainly not implying that you should give the code / research away either. That is a tough situation. But you need to make your solution viable. CLR in my opinion isn't and from what others have stated it won't really protect you.

    Hope this helps.

    David

    @SQLTentmaker

    “He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot

  • Just another vote for hosting the solution internally and not letting the client have direct access to the database and code. The algorithms may be unique, but the code to get there may not be. I personally have never seen anything that was encrypted in a stored proc that was jaw-dropping. Unencrypting a proc is more of a nuisance than a security measure. And if I have access to the database, then retrieving the SQL statements being executed wouldn't be too bothersome either.

    Just host it in-house and save yourself time, money and development.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events
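
Added example, not part of any post in this thread: a T-SQL sketch of the hosted model several replies recommend, in which the vendor keeps the database and the web service account can run the procedures but cannot read their source. The schema `calc`, procedure `usp_Score`, role `svc_exec` and user `websvc_user` are assumed names, and the procedure body is a placeholder.

```sql
-- Added illustration; every object name here is an assumption, not from the thread.
CREATE SCHEMA calc AUTHORIZATION dbo;
GO
-- Placeholder standing in for the proprietary logic.
CREATE PROCEDURE calc.usp_Score @input int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT @input * 2 AS score;
END;
GO
-- Role used only by the web service tier.
CREATE ROLE svc_exec;
-- WITHOUT LOGIN keeps the demo self-contained; map to the service login in practice.
CREATE USER websvc_user WITHOUT LOGIN;
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012+; older versions use sp_addrolemember.
ALTER ROLE svc_exec ADD MEMBER websvc_user;
GO
-- The service may execute everything in the schema.
GRANT EXECUTE ON SCHEMA::calc TO svc_exec;
-- EXECUTE alone does not expose module text; the explicit DENY also overrides
-- any broader VIEW DEFINITION grant this role might pick up later.
DENY VIEW DEFINITION ON SCHEMA::calc TO svc_exec;
GO
-- Confirm from the service account's point of view: the call works,
-- and a lookup of the procedure source is attempted under the same identity.
EXECUTE AS USER = N'websvc_user';
EXEC calc.usp_Score @input = 21;
SELECT OBJECT_DEFINITION(OBJECT_ID(N'calc.usp_Score')) AS source_text;
REVERT;
GO
-- Audit the schema-level permissions held by the role.
SELECT pr.name                  AS principal_name,
       pe.state_desc,
       pe.permission_name,
       SCHEMA_NAME(pe.major_id) AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'svc_exec'
  AND pe.class_desc = N'SCHEMA';
```

This only restricts the service account; anyone with sysadmin or db_owner rights on the instance can still read the code, which is why the replies insist on never handing the database itself to the client.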
