| Author |
Topic |
|
plutodev
Starting Member
4 Posts |
 Posted - 2010-02-28 : 08:58:46
|
| I code my logic in stored procedure,I don't want my client can see my logicso, I create my stored procedure with encryption.but i have some problems1. How to transfer my encrypted stored procedure to my client.because I cannot generante sql script from management studio because of encryption.and 2. how to prevent the tools that can decrypt my encrypted stored procedure. because many tools can do thisthanks in advance |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2010-02-28 : 09:08:57
|
| do you have control over client db? if yes, you can encrypt it once you do transfer------------------------------------------------------------------------------------------------------SQL Server MVPhttp://visakhm.blogspot.com/ |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-02-28 : 09:12:24
|
| 1. We keep each of our Sprocs in a separate SQL file on the disk, (and have the additional benefit of using SVN version control to mange the files). We make the release scripts from those disk files, and not from the database.2. You can't. The encryption is very weak. It will prevent the naive viewer and, more important from our perspective, it will prevent someone changing the Sproc and "altering" it, but it won't prevent someone stealing your source code. |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 2010-02-28 : 09:48:23
|
| I don't have control over my client's database. I just give them an encrypted script. but how ???I cannot keep my Stored procedure in a separate SQL file on the disk. because i have many store procedures and users. And it's difficult to manage the file.If the encryption from microsoft is very weak. what's the solution, so my stored procedure cannot be stealed/viewed/changingThanks in advance |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2010-02-28 : 10:12:36
|
| If you have many stored procedures and many users then storing on Disk is definitely the solution - using a proper revision control system!To encrypt a procedure in the script you put:CREATE PROCEDURE xxx...WITH ENCRYPTIONAS...The only other way to secure your source code is through licence agreement, or by hosting the database for the customer (so that they never have access to it) |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 2010-02-28 : 10:28:38
|
| I cannot hosting the database for the customer, because customer sometimes access the database for query data. your reply ->To encrypt a procedure in the script you put:CREATE PROCEDURE xxx...WITH ENCRYPTIONAS...I can't do this because content of this file. my customer can see my screet logic, (below as).I want this script is encryptedfor example exec(decrypt("asd3242readsfa3324234")) -> generated by SQL server 7.But if i generate encrypted stored procedure with sql 7. the generated script can be run on sql 2000, 2005, but can not be run in sql 2008. message error -> incorrect syntax near decrypt. how to fixed this problem ?so my generated script from sql 7 can be run in sql 2008.feature for generate encrypted stored procedure, only in enterprise sql server version 7.00since sql version 2000 above, this feature does not exists.Thanks in advance. |
|
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2010-02-28 : 11:45:41
|
| I'm with Kristen. Licence agreements or hosted servers. If your code is that secret, you should be hosting the server and allowing the clients limited access.There is no way to put stored procs into SQL in a way that they cannot be decrypted. After all, the database engine has to be able to decrypt them in order to run them. The WITH ENCRYPTION is harder to crack in 2005/2008 than it was in 2000, but it's still reasonably trivial for someone with sysadmin permissions--Gail ShawSQL Server MVP |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2010-02-28 : 12:32:27
|
Can you run the scripts on the client's machine (instead of sending them to the client?)Or put the scripts in an EXE that the client can run?However, the client can still run SQL Profiler in order to capture the script  You will have to work on the basis that a) you have to trust your client and b) your client realises that there will be huge damage to your company if, because of his/her company's actions, your Intellectual Property is lost/stolen. Your licence agreement can say that ... although it may be hard to enforce if your client is much bigger than you are. |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 2010-02-28 : 18:38:28
|
| there is a tools can do this<edited out link>but the price is very very expensive... because of I have many clientscan any one find the crack or serial no ? |
|
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2010-02-28 : 19:03:24
|
| we don't crack software here. there are many professionals here who expect to get PAID for their services. don't solicit illegal activity on this forum! thank you. |
|
|
|
blindman
Master Smack Fu Yak Hacker
2365 Posts |
Posted - 2010-03-05 : 10:21:10
|
| Help him find a crack to break into software that will allow him to encrypt his own software.Precious....________________________________________________If it is not practically useful, then it is practically useless.________________________________________________ |
|
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2010-03-05 : 10:54:05
|
quote:
Originally posted by blindman
Help him find a crack to break into software that will allow him to encrypt his own software.Precious....________________________________________________If it is not practically useful, then it is practically useless.________________________________________________
Pretty ironic. |
|
|
|
jet1337
Starting Member
11 Posts |
Posted - 2010-03-16 : 03:18:59
|
| haha he is on wrong forumASPnix.com |
|
|
|
|
Encrypted stored procedure