SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2008 Forums
 Transact-SQL (2008)
 Protecting a database		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Steve2106
Posting Yak Master

United Kingdom
149 Posts
Posted - 05/17/2012 :  13:11:20  Show Profile  Reply with Quote
Hi There,

Can someone help me please.

Is there a way to protect my database.

I have developed an asp.net web application and a client wants to install it on their own server.
Normally for me to create the database I run an Sql Script file but for the client I would like to be able to run an installer that creates the database and tables but does not give them access to the database structure, tables, stored procedures etc.

Can that be done?

Thanks for any help you can give.

Best regards,


Steve

vijays3
Constraint Violating Yak Guru

India
311 Posts
Posted - 05/17/2012 :  14:57:05  Show Profile  Reply with Quote 
You can use WITH ENCRYPTION on stored procedures, views and functions
when you create your objects. However, decryption methods can easily
be found on the web, so it gives no real protection. The main point
with encrypting objects is to inform people that they are supposed
to keep their nose out, so they don't wander just by chance into
your code.


Vijay is here to learn something from you guys.
Go to Top of Page

robvolk
Most Valuable Yak

USA
15568 Posts
Posted - 05/17/2012 :  15:12:00  Show Profile  Visit robvolk's Homepage  Reply with Quote
As far as seeing your structure, it's on their server, so you can't prevent them from seeing it. The only way to truly protect you database and code with with a license agreement. Hire a lawyer to craft one for you and make sure they are familiar with software licensing and intellectual property law. As long as the license agreement protects your rights your client cannot legally modify your database or use it for their own purposes. If the client won't sign the agreement, don't do business with them.
Go to Top of Page

Steve2106
Posting Yak Master

United Kingdom
149 Posts
Posted - 05/18/2012 :  03:21:59  Show Profile  Reply with Quote
Hi There,
Thanks for the replies.

We do have a signed license agreement but we do not know if they are changing or reusing our product elsewhere. We have no control and I was wondering if there was a way to keep control.

All the best,

Steve
Go to Top of Page

Lumbago
Norsk Yak Master

Norway
3246 Posts
Posted - 05/18/2012 :  04:27:21  Show Profile  Reply with Quote
The only way to keep your code secure is to not let them install it on their own servers. The encryption-stuff is a real pain in the a$$ for everyone (including you) so you should really stay away from it. What most companies do is to keep the sensitive/complex part of their business logic in the compiled application code and then use the database for the less senitive stuff and as a storage medium.

- Lumbago
My blog-> http://thefirstsql.com/2011/07/08/how-to-find-gaps-in-identity-columns-at-the-speed-of-light/
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000