Re: stored procedure access

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Mary Chipman (mchip_at_online.microsoft.com)
Date: 04/10/04

• Next message: chris: "reporting package for sql"
• Previous message: Deac Lancaster: "How to secure data transmission from client (App Server) to SQL Server"
• In reply to: Billy Cormic: "stored procedure access"
• Next in thread: Billy Cormic: "Re: stored procedure access"
• Reply: Billy Cormic: "Re: stored procedure access"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sat, 10 Apr 2004 14:12:16 -0400

Yes, it's true that you can encrypt stored procedures, and it's also
true that this encryption mechanism has been compromised, so if your
client is aware of this and desires to decrypt your sprocs, it can
happen. FWIW, there's all kinds of decompilers out there for all of
the programming languages as well, so the only way you'll ever have
truly secure source code is to use a web service or some other
remoting mechanism where the client can only execute the code and
never has access to the source.

--Mary

On 10 Apr 2004 10:16:43 -0700, billy_cormic@hotmail.com (Billy Cormic)
wrote:

>Hello,
> I have a number of stored procedures on a SQL Server 2000 machine.
>I do not want people at the client site to be able to view the stored
>procedures because the sp's contain propriatary information.
>Unfortunately I must give the sa password to the people at the client
>site, there is no way around this (because other applications share
>the same SQL server). Is there anyway to securely encrypt the stored
>procedures so that people at the client site can not read them? I
>have heard that a number of methods used to encrypt stored procedures
>can be comprimised by downloading scripts from the web. Is this true?
> Is there anyway around this?
>
>Thanks again,
>Billy

---

• Next message: chris: "reporting package for sql"
• Previous message: Deac Lancaster: "How to secure data transmission from client (App Server) to SQL Server"
• In reply to: Billy Cormic: "stored procedure access"
• Next in thread: Billy Cormic: "Re: stored procedure access"
• Reply: Billy Cormic: "Re: stored procedure access"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Business objects, subset of collection ... SQL databases sucks for searching large data sets, ... TPC implementations rely heavily on stored procedures. ... Application modules that are executed on the client side but are stored on the server side. ... Lets say you want to find all unpaid invoices. ... (comp.object) Re: Portable stored procedures ... > JDatastore lets you store binary streams outside the table scema. ... Other databases usually do not store BLOB's ... > you will have to write the function in the client in Java (or whatever ... >> stored procedures written in some proprietary language. ... (comp.lang.java.databases) Re: SQL Parameter ... Even more reason to use stored procedures for secuirty. ... If your client app ... I do use Stored Procedures (in Delphi apps, I am only just migrating to C#). ... SqlCommand cmd = new SqlCommand( ... (microsoft.public.dotnet.languages.csharp) Re: About Entity-Relationship Diagram in BDS 2007 ... and back between dbms and handling level ... and when proper design is established client application can (and ... should) use rich world of excellent data-aware components which linked ... invoking stored procedures) on appserver side ... (borland.public.delphi.non-technical) Re: stored procedure access ... > client is aware of this and desires to decrypt your sprocs, ... > truly secure source code is to use a web service or some other ... >>I do not want people at the client site to be able to view the stored ... >>have heard that a number of methods used to encrypt stored procedures ... (microsoft.public.sqlserver.server)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SQL-Server  > microsoft.public.sqlserver.server  > 2004-04