I encrypt my procedures using with encryption clause, but I do not how to decrypt again.
Is there a command or utility for encrypt and decrypt in Sql 2000? How about Sql 2005?
Thanks
Haydee
Decryption is weak and can be cracked by searching on google for the specific algorithms, there was a thread sometime ago, which might be useful to you:
http://groups.google.de/group/comp.databases.ms-sqlserver/browse_frm/thread/34b309b76ba574b4
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
|||Jens is right, the procedure encryption is actually referred to as obfuscation in Books Online. Also, there is no SQL Server command for decrypting it back.
Thanks
Laurentiu
Thanks for your comments
and is there a tool in Sql Server 2005 in order to protect the code? What can I do? I need to install a project in the customer, and I would like to protect it.
Thanks again for your help.
Haydee
|||You could use third party components to accomplish this, there sure can be found some by searching in google for them.HTH, Jens Suessmeyer. http://www.sqlserver2005.de
HI,
I am using MSDE 2000 and I will be deploying it with my software application. I have invested a good bit into my database schema and I don't want it to be viewed by others.
I can not see why some user can not take the .mdf (multiple mdf's actually) and sp_AttachDB or attach them to their instanced SQL server using EM. I of course do not want this.
Maybe someone can clear up the limitations and types of SQL security that can assure no one can simply attach the MDF to see the structure, let alone the data.
As far as I can see there is Network security as to authentication for a live/instanced SQL server and this has no ability to prevent an MDF from being re-attached and viewed/queried.
I also see EncryptByPassPhrase which I can use prior to executing a query (if I understand this process which is data remains in encrypted state until its about to be used, then decrypted in memory (I presume ? otherwise someone could grab a snapshot of the mdf while it's in decrypted state ? {or SQL server has a temp region when using encryption where it places the decrypted data I take it}) and then I have to encrypt it again after processing.
Neither of these look like they can obfuscate or lock the db schema information, such as table names, structures, fields, field types/attributes etc.
Sooooooo.....
How can I prevent a user from seeing the underlying table structures and does anyone know if column encryption will cost me 10 years off my life time wise on large data sets ?
Thanks
|||See this recent thread for a discussion of this topic:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=371562&SiteID=1
Thanks
Laurentiu
The only feature for protecting code in SQL Server is the WITH ENCRYPTION clause that we discussed so far. It is weak not necessarily because the encryption is weak (it uses RC4), but because the encryption key can be easily found. An attacker will focus on finding the encryption key rather than breaking the encryption algorithm in such a solution. This is a general problem and for any solution you consider, you should look at how easy it is for someone to find the encryption key.
This is basically a DRM solution, and I have talked about the difficulty of creating an unbreakable DRM solution on other threads, more recently in:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=371562&SiteID=1
Thanks
Laurentiu
No comments:
Post a Comment