locked
obfuscation of SQL Server deployments? RRS feed

  • Question

  • Any idea what kind of obfuscation MS supports for SQL deployments for
    the current generation of SQL Server (2008)?

    I am interested in developing a database and assorted packages which
    would be hosted on a client site, with the data available to the
    client and their applications, but the client should not be able to
    view the table definitions, stored procedures, or SSIS, SSRS, SSAS
    packages.

    Is this possible without locking the entire server down?
    Wednesday, October 26, 2011 6:51 PM

Answers

  • This was posted to some Usenet groups as well. I repeat my answer here:

    First of all, you need a license agreement that controls what the customer
    can do legally.

    But if you don't believe in legalese, and want something technical, no
    there is not much you can do. You can create stored procedures WITH
    ENCRYPTION, but that is only obfustication, and you can easily find
    code out there that gives you the clear text.

    You can hide table definitions from plain users, but not an administrator.
    You could deliver a pre-installed machine with all users etc, and not
    reveal the passwords for Administrator. But disk could be moved. You
    could put a seal on the machine, which at least would reveal that is
    has been tampered with and on.

    The only reasonable option is to host the machine outside the client's
    premises. On your own, on a hosting service, or for that matter in
    Azure.

    I should add that I don't know much about SSIS, SSRS and SSAS, but
    I see no reason that the same thing applies here.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by amber zhang Friday, October 28, 2011 2:05 AM
    • Marked as answer by Stephanie Lv Thursday, November 3, 2011 6:31 AM
    Wednesday, October 26, 2011 10:22 PM