We have an application that relies on some pretty interesting and complex MS SQL stored procedures. Now we want to use the database with those procedures in a shared environment. Is there a way to secure/encrypt/whatever so that the contents of those stored procs cannot be read (copied) by the server administrator?
我们的应用程序依赖于一些非常有趣和复杂的MS SQL存储过程。现在,我们希望在共享环境中对这些过程使用数据库。是否有一种方法来保护/加密/无论什么,以便服务器管理员不能读取(复制)这些存储的procs的内容?
3 个解决方案
#1
4
No, a sysadmin can always get the text of a stored procedure.
不,系统管理员总是可以获得存储过程的文本。
#2
2
You can create a procedure WITH ENCRYPTION but this only protects you from casual prying (it's not really encryption in the strictest sense, more like obfuscation), since there are many resources online that will show you how to decrypt.
您可以创建一个带有加密的程序,但这只会保护您不受随意的窥探(这不是严格意义上的加密,更像是混淆),因为在线上有许多资源可以向您展示如何解密。
If you have important business logic, put it into CLR. That will protect you from some of the prying, but a determined person will still find a way to decompile your stuff.
如果您有重要的业务逻辑,请将其放入CLR中。这将保护你免受一些窥探,但一个坚定的人仍然会找到一种方法来分解你的东西。
#3
0
You can obfuscate the text with the WITH ENCRYPTION clause but this isn't true encryption. You could also go the CLR route which essentially calls a DLL but I think this could have performance implications.
您可以使用带有加密子句的文本来混淆文本,但这不是真正的加密。您也可以使用CLR路径,它本质上调用一个DLL,但是我认为这可能具有性能影响。
I dont think you should give sa access to anyone you don't trust enough to view stored procedure code, and if your code is really so top-secret I wonder why you're even using a shared hosting environment in the first place?
我认为你不应该给任何你不信任的人去查看存储过程代码,如果你的代码真的是绝密的话,我想知道你为什么要使用共享宿主环境。
If you can't get out of the shared environment, at least try and get your own instance which only you have sa access to.
如果您无法离开共享环境,至少尝试获得只有sa访问的自己的实例。
#1
4
No, a sysadmin can always get the text of a stored procedure.
不,系统管理员总是可以获得存储过程的文本。
#2
2
You can create a procedure WITH ENCRYPTION but this only protects you from casual prying (it's not really encryption in the strictest sense, more like obfuscation), since there are many resources online that will show you how to decrypt.
您可以创建一个带有加密的程序,但这只会保护您不受随意的窥探(这不是严格意义上的加密,更像是混淆),因为在线上有许多资源可以向您展示如何解密。
If you have important business logic, put it into CLR. That will protect you from some of the prying, but a determined person will still find a way to decompile your stuff.
如果您有重要的业务逻辑,请将其放入CLR中。这将保护你免受一些窥探,但一个坚定的人仍然会找到一种方法来分解你的东西。
#3
0
You can obfuscate the text with the WITH ENCRYPTION clause but this isn't true encryption. You could also go the CLR route which essentially calls a DLL but I think this could have performance implications.
您可以使用带有加密子句的文本来混淆文本,但这不是真正的加密。您也可以使用CLR路径,它本质上调用一个DLL,但是我认为这可能具有性能影响。
I dont think you should give sa access to anyone you don't trust enough to view stored procedure code, and if your code is really so top-secret I wonder why you're even using a shared hosting environment in the first place?
我认为你不应该给任何你不信任的人去查看存储过程代码,如果你的代码真的是绝密的话,我想知道你为什么要使用共享宿主环境。
If you can't get out of the shared environment, at least try and get your own instance which only you have sa access to.
如果您无法离开共享环境,至少尝试获得只有sa访问的自己的实例。