| Author |
 Topic  |
|
|
plutodev
Starting Member
4 Posts |
 Posted - 02/28/2010 : 08:58:46
|
I code my logic in stored procedure,
I don't want my client can see my logic
so, I create my stored procedure with encryption.
but i have some problems
1. How to transfer my encrypted stored procedure to my client.
because I cannot generante sql script from management studio because of encryption.
and
2. how to prevent the tools that can decrypt my encrypted stored procedure. because many tools can do this
thanks in advance
|
|
|
visakh16
Very Important crosS Applying yaK Herder
India
48012 Posts |
Posted - 02/28/2010 : 09:08:57
|
do you have control over client db? if yes, you can encrypt it once you do transfer
------------------------------------------------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/
|
 |
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 02/28/2010 : 09:12:24
|
1. We keep each of our Sprocs in a separate SQL file on the disk, (and have the additional benefit of using SVN version control to mange the files). We make the release scripts from those disk files, and not from the database.
2. You can't. The encryption is very weak. It will prevent the naive viewer and, more important from our perspective, it will prevent someone changing the Sproc and "altering" it, but it won't prevent someone stealing your source code. |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 02/28/2010 : 09:48:23
|
I don't have control over my client's database. I just give them an encrypted script. but how ???
I cannot keep my Stored procedure in a separate SQL file on the disk. because i have many store procedures and users. And it's difficult to manage the file.
If the encryption from microsoft is very weak. what's the solution, so my stored procedure cannot be stealed/viewed/changing
Thanks in advance
|
|
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 02/28/2010 : 10:12:36
|
If you have many stored procedures and many users then storing on Disk is definitely the solution - using a proper revision control system!
To encrypt a procedure in the script you put:
CREATE PROCEDURE xxx
...
WITH ENCRYPTION
AS
...
The only other way to secure your source code is through licence agreement, or by hosting the database for the customer (so that they never have access to it) |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 02/28/2010 : 10:28:38
|
I cannot hosting the database for the customer, because customer sometimes access the database for query data.
your reply ->
To encrypt a procedure in the script you put:
CREATE PROCEDURE xxx
...
WITH ENCRYPTION
AS
...
I can't do this because content of this file. my customer can see my screet logic, (below as).
I want this script is encrypted
for example exec(decrypt("asd3242readsfa3324234")) -> generated by SQL server 7.
But if i generate encrypted stored procedure with sql 7. the generated script can be run on sql 2000, 2005, but can not be run in sql 2008. message error -> incorrect syntax near decrypt.
how to fixed this problem ?
so my generated script from sql 7 can be run in sql 2008.
feature for generate encrypted stored procedure, only in enterprise sql server version 7.00
since sql version 2000 above, this feature does not exists.
Thanks in advance.
|
|
|
|
GilaMonster
Flowing Fount of Yak Knowledge
South Africa
4507 Posts |
Posted - 02/28/2010 : 11:45:41
|
I'm with Kristen. Licence agreements or hosted servers. If your code is that secret, you should be hosting the server and allowing the clients limited access.
There is no way to put stored procs into SQL in a way that they cannot be decrypted. After all, the database engine has to be able to decrypt them in order to run them. The WITH ENCRYPTION is harder to crack in 2005/2008 than it was in 2000, but it's still reasonably trivial for someone with sysadmin permissions
--
Gail Shaw
SQL Server MVP |
|
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 02/28/2010 : 12:32:27
|
Can you run the scripts on the client's machine (instead of sending them to the client?)
Or put the scripts in an EXE that the client can run?
However, the client can still run SQL Profiler in order to capture the script 
You will have to work on the basis that a) you have to trust your client and b) your client realises that there will be huge damage to your company if, because of his/her company's actions, your Intellectual Property is lost/stolen. Your licence agreement can say that ... although it may be hard to enforce if your client is much bigger than you are. |
Edited by - Kristen on 02/28/2010 12:34:36 |
|
|
|
plutodev
Starting Member
4 Posts |
Posted - 02/28/2010 : 18:38:28
|
there is a tools can do this
<edited out link>
but the price is very very expensive... because of I have many clients
can any one find the crack or serial no ?
|
Edited by - tkizer on 02/28/2010 19:28:33 |
|
|
|
russell
Pyro-ma-ni-yak
USA
5037 Posts |
Posted - 02/28/2010 : 19:03:24
|
| we don't crack software here. there are many professionals here who expect to get PAID for their services. don't solicit illegal activity on this forum! thank you. |
|
|
|
blindman
Flowing Fount of Yak Knowledge
USA
2365 Posts |
Posted - 03/05/2010 : 10:21:10
|
Help him find a crack to break into software that will allow him to encrypt his own software.
Precious....
________________________________________________
If it is not practically useful, then it is practically useless.
________________________________________________ |
|
|
|
russell
Pyro-ma-ni-yak
USA
5037 Posts |
Posted - 03/05/2010 : 10:54:05
|
quote:
Originally posted by blindman
Help him find a crack to break into software that will allow him to encrypt his own software.
Precious....
________________________________________________
If it is not practically useful, then it is practically useless.
________________________________________________
Pretty ironic. |
|
|
|
jet1337
Starting Member
11 Posts |
Posted - 03/16/2010 : 03:18:59
|
haha he is on wrong forum
ASPnix.com |
|
|
| |
Topic |
|
Encrypted stored procedure
