Database objects security RRS feed

  • Question

  • We are looking for a robust failproof security for securing database objects ( stored procedures, functions, views and trigger definitions)

    We are aware that implementing simple encryption of database objects does not provide full proof solutions as the same can be decrypted using third party tools

    Kindly provide some useful links / documents with suggested solutions

    Wednesday, June 20, 2018 11:36 AM

All replies

  • Your question is more about protecting intellectual property rather than security. For IP protection, about the best you can do is cover that in your license agreement and perhaps obfuscate objects. I'm not aware of third party products that can do what you want since it is ultimately SQL Server that will need to parse and compile the code.

    Dan Guzman, Data Platform MVP, http://www.dbdelta.com

    Wednesday, June 20, 2018 11:45 AM
  • I wouldn't think it would be *that* easy for a malicious hacker to decrypt object level encryption of code objects, provided it is implemented properly:
    Encrypting and Decrypting SQL Server Stored Procedures, Views and User Defined Functions

    After all, nothing is 100% foolproof. All you're doing with any security measure is attempting to raise the barrier high enough that the difficulty level discourages would-be hackers.


    Phil Streiff, MCDBA, MCITP, MCSA

    • Edited by philfactor Wednesday, June 20, 2018 9:35 PM
    Wednesday, June 20, 2018 3:21 PM
  • The only option is to host the application yourself or offering as a SaaS solution at a cloud service where only your organisation has admin access. Once you install the code at a customer site, they can look as much as they want on it. However, you can install everything WITH ENCRYPTION and then write in to he license agreement that may not reverse engineer. I can't guarantee that all customers will agree to that clause, though.

    Wednesday, June 20, 2018 9:45 PM