Doubt reg Security in SQL

[Sminair]

Hi All,
As of now we Know the way of Encrypting a stored procedure in SQL2000 by giving the code 'With Encryption' and the
code for decrypting the sp is also readily available in the Website. Can anyone help me with a more foolproof method wherein I can encrypt the sp with password. I mean to say that after i hve encrypted the sp with a password ,for decrypting the sp i shld need to pass the same password so that the sp can only be decrypted by the person who has encrypted it and not by anyone else.
Pls help me in this and the help is needed very urgently...
Thanks in Advance.

 

[NoCoolHandle]

No such thing (to the best of my knowledge)

I believe that if you crack the encryption you can get it out, but it is encrypted by sql with no built in way to retrieve it.

(I know an individule who did crack it, but I also know he won't share he is/was a Microsoft MVP and may have used some insider knowledge, but knowing him... it was just because he is brilliant..)


If you need to decrypt it, you need to save the encrpyted text before you create the proc in a seperate table that you use for such purposes.

This is by design. It is to protect developers from their clients as well as the client from their users.

Dot Net has some very good encryption features that give you total control of private keys etc.. You may want to look at that.

Sorry if this kills you hope to an easy solution but....

Rob

 

[NoCoolHandle]

Oh yeah..

If you encrypt the data in syscommnts using another encryption algo then as far as Sql is concerned, the proc doesn't exist. This is because SQL reads syscomments before you execute it (at least the first time it is brought back into the cache).

If sql doesn't understand the value, it won't run the proc (and you will proabably get an error of some description)

Rob

 

[Sminair]

Thanks Rob....
I think i shld check some other way out.