SQL Server加过密的存储过程可以被解密?
2005-01-14 14:47
375 查看
1. Protecting the stored procedure and making it totally non-decryptable is technically impossible. There has to be a way to reverse it so that SQL Server can generate the execution plan and execute the query.
2. The Encryption that SQL Server is offering is “obfuscation“. Obfuscation allows the stored procedures to be used by database end-users while making it more difficult for those end users to view or change the contents of the stored procedures. In order to execute the stored procedures, SQL Server must have access to the original source form of the stored procedures. As a result, a determined SQL Server system administrator could obtain access to the source form of the stored procedures (although non-system administrators do not have this ability). Because the obfuscation feature is not intended to protect the source form of stored procedures from being copied or viewed by a determined SQL Server administrator, one should not rely solely on the feature for that purpose.
3. Obfuscation of stored procedure is similar to what other database vendors offer. It is true that there exists utilities to decrypt procedures protected by obfuscation, and this is similar there also exists decompiles for Java as well. The point is, if one can run the code and get access to an executable form, it's always technically possible to reverse engineer the code.
4. An alternative you may want to try is to use extended stored procedures and DLL. By creating a DLL version of the code, makes it harder to break but it is still possible to reverse-engineer a DLL.
5. The protection that is available for all software development firm interested in protecting their asset are same across all data products:
a. Obfuscation.
b. Legal Protection (Copy write, patents, etc).
It is not possible to depend only upon either one of these two core pillars of Intellectual Property protection.
2. The Encryption that SQL Server is offering is “obfuscation“. Obfuscation allows the stored procedures to be used by database end-users while making it more difficult for those end users to view or change the contents of the stored procedures. In order to execute the stored procedures, SQL Server must have access to the original source form of the stored procedures. As a result, a determined SQL Server system administrator could obtain access to the source form of the stored procedures (although non-system administrators do not have this ability). Because the obfuscation feature is not intended to protect the source form of stored procedures from being copied or viewed by a determined SQL Server administrator, one should not rely solely on the feature for that purpose.
3. Obfuscation of stored procedure is similar to what other database vendors offer. It is true that there exists utilities to decrypt procedures protected by obfuscation, and this is similar there also exists decompiles for Java as well. The point is, if one can run the code and get access to an executable form, it's always technically possible to reverse engineer the code.
4. An alternative you may want to try is to use extended stored procedures and DLL. By creating a DLL version of the code, makes it harder to break but it is still possible to reverse-engineer a DLL.
5. The protection that is available for all software development firm interested in protecting their asset are same across all data products:
a. Obfuscation.
b. Legal Protection (Copy write, patents, etc).
It is not possible to depend only upon either one of these two core pillars of Intellectual Property protection.
相关文章推荐
- Microsoft SQL Server 存储过程举例
- 【转】SQL_Server2000示例数据库NorthWind的存储过程和视图分析
- 修改存储过程插入自定义的SSIS SQL Server 日志信息
- 存储过程的基本操作(SQL Server Management Studio)
- MS SQL Server中数据表、视图、函数/方法、存储过程是否存在判断及创建
- 操作SQLSERVERAGENT服务的扩展存储过程.sql
- sql server service broker中调用存储过程执行跨库操作,不管怎么设置都一直提示 服务器主体 "sa" 无法在当前安全上下文下访问数据库 "dbname"。
- MS SQL Server 2005 通用分页存储过程
- MS SQL Server的存储过程签名
- MS sql server 判断表/视图/存储过程是否存在
- 几个在MS SQL Server处理IP的函数/存储过程
- SqlServer Dev(1) - 存储过程和自定义函数的区别
- MS SQL Server存储过程
- SQL SERVER存储过程批量插入数据库…
- MS sql server 判断表/视图/存储过程是否存在
- 获得SQL-server存储过程的返回值
- C++ 实现Microsoft SQL Server 2000 的扩展存储过程
- SQL Server中未公布的扩展存储过程注入
- MS SQLSERVER通用存储过程分页
- sql存储过程加密和解密(MSSQL)