SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2008 Forums
 Other SQL Server 2008 Topics
 Encrypted stored procedure
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

plutodev
Starting Member

4 Posts

Posted - 02/28/2010 :  08:58:46  Show Profile  Reply with Quote
I code my logic in stored procedure,
I don't want my client can see my logic
so, I create my stored procedure with encryption.

but i have some problems

1. How to transfer my encrypted stored procedure to my client.
because I cannot generante sql script from management studio because of encryption.

and

2. how to prevent the tools that can decrypt my encrypted stored procedure. because many tools can do this


thanks in advance



visakh16
Very Important crosS Applying yaK Herder

India
52317 Posts

Posted - 02/28/2010 :  09:08:57  Show Profile  Reply with Quote
do you have control over client db? if yes, you can encrypt it once you do transfer

------------------------------------------------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/

Go to Top of Page

Kristen
Test

United Kingdom
22415 Posts

Posted - 02/28/2010 :  09:12:24  Show Profile  Reply with Quote
1. We keep each of our Sprocs in a separate SQL file on the disk, (and have the additional benefit of using SVN version control to mange the files). We make the release scripts from those disk files, and not from the database.

2. You can't. The encryption is very weak. It will prevent the naive viewer and, more important from our perspective, it will prevent someone changing the Sproc and "altering" it, but it won't prevent someone stealing your source code.
Go to Top of Page

plutodev
Starting Member

4 Posts

Posted - 02/28/2010 :  09:48:23  Show Profile  Reply with Quote
I don't have control over my client's database. I just give them an encrypted script. but how ???

I cannot keep my Stored procedure in a separate SQL file on the disk. because i have many store procedures and users. And it's difficult to manage the file.

If the encryption from microsoft is very weak. what's the solution, so my stored procedure cannot be stealed/viewed/changing

Thanks in advance

Go to Top of Page

Kristen
Test

United Kingdom
22415 Posts

Posted - 02/28/2010 :  10:12:36  Show Profile  Reply with Quote
If you have many stored procedures and many users then storing on Disk is definitely the solution - using a proper revision control system!

To encrypt a procedure in the script you put:

CREATE PROCEDURE xxx
...
WITH ENCRYPTION
AS
...

The only other way to secure your source code is through licence agreement, or by hosting the database for the customer (so that they never have access to it)
Go to Top of Page

plutodev
Starting Member

4 Posts

Posted - 02/28/2010 :  10:28:38  Show Profile  Reply with Quote
I cannot hosting the database for the customer, because customer sometimes access the database for query data.

your reply ->
To encrypt a procedure in the script you put:
CREATE PROCEDURE xxx
...
WITH ENCRYPTION
AS
...

I can't do this because content of this file. my customer can see my screet logic, (below as).

I want this script is encrypted
for example exec(decrypt("asd3242readsfa3324234")) -> generated by SQL server 7.

But if i generate encrypted stored procedure with sql 7. the generated script can be run on sql 2000, 2005, but can not be run in sql 2008. message error -> incorrect syntax near decrypt.
how to fixed this problem ?
so my generated script from sql 7 can be run in sql 2008.

feature for generate encrypted stored procedure, only in enterprise sql server version 7.00
since sql version 2000 above, this feature does not exists.

Thanks in advance.

Go to Top of Page

GilaMonster
Flowing Fount of Yak Knowledge

South Africa
4507 Posts

Posted - 02/28/2010 :  11:45:41  Show Profile  Visit GilaMonster's Homepage  Reply with Quote
I'm with Kristen. Licence agreements or hosted servers. If your code is that secret, you should be hosting the server and allowing the clients limited access.

There is no way to put stored procs into SQL in a way that they cannot be decrypted. After all, the database engine has to be able to decrypt them in order to run them. The WITH ENCRYPTION is harder to crack in 2005/2008 than it was in 2000, but it's still reasonably trivial for someone with sysadmin permissions

--
Gail Shaw
SQL Server MVP
Go to Top of Page

Kristen
Test

United Kingdom
22415 Posts

Posted - 02/28/2010 :  12:32:27  Show Profile  Reply with Quote
Can you run the scripts on the client's machine (instead of sending them to the client?)

Or put the scripts in an EXE that the client can run?

However, the client can still run SQL Profiler in order to capture the script

You will have to work on the basis that a) you have to trust your client and b) your client realises that there will be huge damage to your company if, because of his/her company's actions, your Intellectual Property is lost/stolen. Your licence agreement can say that ... although it may be hard to enforce if your client is much bigger than you are.

Edited by - Kristen on 02/28/2010 12:34:36
Go to Top of Page

plutodev
Starting Member

4 Posts

Posted - 02/28/2010 :  18:38:28  Show Profile  Reply with Quote
there is a tools can do this

<edited out link>

but the price is very very expensive... because of I have many clients

can any one find the crack or serial no ?


Edited by - tkizer on 02/28/2010 19:28:33
Go to Top of Page

russell
Pyro-ma-ni-yak

USA
5072 Posts

Posted - 02/28/2010 :  19:03:24  Show Profile  Visit russell's Homepage  Reply with Quote
we don't crack software here. there are many professionals here who expect to get PAID for their services. don't solicit illegal activity on this forum! thank you.
Go to Top of Page

blindman
Flowing Fount of Yak Knowledge

USA
2365 Posts

Posted - 03/05/2010 :  10:21:10  Show Profile  Reply with Quote
Help him find a crack to break into software that will allow him to encrypt his own software.

Precious....

________________________________________________
If it is not practically useful, then it is practically useless.
________________________________________________
Go to Top of Page

russell
Pyro-ma-ni-yak

USA
5072 Posts

Posted - 03/05/2010 :  10:54:05  Show Profile  Visit russell's Homepage  Reply with Quote
quote:
Originally posted by blindman

Help him find a crack to break into software that will allow him to encrypt his own software.

Precious....

________________________________________________
If it is not practically useful, then it is practically useless.
________________________________________________



Pretty ironic.
Go to Top of Page

jet1337
Starting Member

11 Posts

Posted - 03/16/2010 :  03:18:59  Show Profile  Visit jet1337's Homepage  Reply with Quote
haha he is on wrong forum

ASPnix.com
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.12 seconds. Powered By: Snitz Forums 2000