
SQL Server Forum / Programming / SQL / July 2008


Secure a stored procedure and/or view

Dan Shepherd - 17 Jul 2008 20:45 GMT
Is there a way to create both stored procedures and/or views that are not
editable?  I.E. - a user cannot alter or see the code inside the procedure
itself?
Denny Cherry - 17 Jul 2008 20:57 GMT
Yes, you can use the WITH ENCRYPTION setting when you create the
procedure and view.  However, the encryption algorithm being used is
well known, and it's very easy to reverse engineer the procedure/view
code.

Denny

>Is there a way to create both stored procedures and/or views that are not
>editable?  I.E. - a user cannot alter or see the code inside the procedure
>itself?
Aaron Bertrand [SQL Server MVP] - 17 Jul 2008 20:58 GMT
You can create a procedure with encryption; it is not 100% effective, but it
will keep out the casual person.

In SQL Server 2005 you can leverage the CLR and have some of your logic in
assemblies.  Not necessarily the best for performance, but you will have to
decide that trade-off for yourself.

Better yet is to not give such rights to users you don't trust.  :-)

On 7/17/08 3:45 PM, in article
050257D4-5170-4BCA-953F-CBEE29E4EDA3@microsoft.com, "Dan Shepherd"
<DanShepherd@discussions.microsoft.com> wrote:

> Is there a way to create both stored procedures and/or views that are not
> editable?  I.E. - a user cannot alter or see the code inside the procedure
> itself?
Eric Russell - 17 Jul 2008 21:36 GMT
Well, what type of user?
In SQL Server 2000, by default, a user cannot alter a database object,
unless you add them to the sysadmin or DBO role, but they can still view the
schema using sp_helptext. In SQL Server 2005, a user by default cannot view
schema either unless you grant them ownership or VIEW DEFINITION permission,
etc.
Ideally, you should grant application users (as opposed to developers or
power users) only exec permission to those specific stored procedures they
need access to so they don't have the liberty of perusing objects in the
database.

> Is there a way to create both stored procedures and/or views that are not
> editable?  I.E. - a user cannot alter or see the code inside the procedure
> itself?
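
The approach the replies converge on (permissions as the real control, WITH ENCRYPTION only as obfuscation), as an added T-SQL example for SQL Server 2005 or later that is not code from any poster in this thread. The table, procedure, role and user names are hypothetical.

```sql
-- Added example: every object and principal name below is hypothetical.
CREATE TABLE dbo.OrderLines (OrderId int, Quantity int, UnitPrice money);
GO
CREATE ROLE app_exec_only;
CREATE USER app_user WITHOUT LOGIN;       -- stand-in for an application account
EXEC sp_addrolemember 'app_exec_only', 'app_user';
GO
CREATE PROCEDURE dbo.usp_GetOrderTotal
    @OrderId int
WITH ENCRYPTION   -- obfuscates the stored text only; treat it as a deterrent
AS
BEGIN
    SET NOCOUNT ON;
    SELECT SUM(Quantity * UnitPrice) AS OrderTotal
    FROM dbo.OrderLines
    WHERE OrderId = @OrderId;
END;
GO
-- The actual control: the role may run the procedure and nothing else.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrderTotal TO app_exec_only;
-- Explicit DENY guards against a broader grant made elsewhere
-- (for example VIEW DEFINITION granted at database scope).
DENY VIEW DEFINITION ON OBJECT::dbo.usp_GetOrderTotal TO app_exec_only;
DENY ALTER ON OBJECT::dbo.usp_GetOrderTotal TO app_exec_only;
GO
-- Check the effective rights from the application user's point of view.
EXECUTE AS USER = 'app_user';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetOrderTotal', 'OBJECT', 'EXECUTE')         AS can_execute,  -- expect 1
    HAS_PERMS_BY_NAME('dbo.usp_GetOrderTotal', 'OBJECT', 'VIEW DEFINITION') AS can_view,     -- expect 0
    HAS_PERMS_BY_NAME('dbo.usp_GetOrderTotal', 'OBJECT', 'ALTER')           AS can_alter,    -- expect 0
    OBJECT_DEFINITION(OBJECT_ID('dbo.usp_GetOrderTotal'))                   AS source_text;  -- expect NULL
REVERT;
GO
-- Audit: list every explicit permission recorded on the procedure.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID('dbo.usp_GetOrderTotal');
```

Members of db_owner and sysadmin are not constrained by these DENY statements, so the audit should also cover who holds those roles.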
 
©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.