I have a database product that is sold to outside companies. All of the stored procedures in the original database where compiled "With Encryption", so that our customers cannot view the business logic.
From time to time, we need to send an update to these customers, with changes to the stored procedures (for example, customization, debugging, etc.). I need to know how I can send a script file to my customers that will update the stored procedure, but prevent them from viewing it.
It seems like this must be a fairly common thing that companies need to do, but I am having no luck in finding out how to do this. Any help would be appreciated.
asked Mar 09, 2010 at 05:03 PM in Default
I have seen some companies that compile an exe that will run all of the scripts that need to be updated. However, once you provide the script to them to be updated on their server, they will be able to view it. There are plenty of methods to decrypt an encrypted stored procedure.
answered Mar 09, 2010 at 05:11 PM
+1 @CirqueDeSQLeil - encrypted stored procedures should really be named 'barely hidden' stored procedures.
However, if you are just wanting to stop the casual observer, then you could do something like this, which is actually really cheesy:
You could put it in an EXE (thus the +1 at Cirque).
Or you could make a CLR procedure to do it, and distribute the assembly.
All of these methods can and will be broken by anyone who is really interested in looking. Especially seeing as the place they will end up is about as secure as Somalia's coastline.
answered Mar 09, 2010 at 05:25 PM
Matt Whitfield ♦♦