Posted by Mike Epprecht \(SQL MVP\) on 11/05/05 22:31

Hi

Nothing has changed in this area.

Microsoft has never said that this feature is secure. With SQL Server 2005
you can set granular security so not everyone can get to the text of a
procedure.

If I get an application that encrypts it's SP, I will generally be more
inquisitive as to why it was done, and in the name of ensuring that the
procedure does not execute any code that could harm the system or the
corporate security, I will decrypt it and see what it is doing. Business
logic belongs in the middle tier, not the DB.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

IM: mike@epprecht.net

MVP Program: http://www.microsoft.com/mvp

Blog: http://www.msmvps.com/epprecht/

"helmut woess" <hw@iis.at> wrote in message
news:55221fc8799f.1cbqe7zcjsjh4.dlg@40tude.net...
> Hi,
>
> has anybody knowledge about the safetyness of encrypting stored procs in
> SQL-Server 2005 using WITH ENCRYPTION? Or can they be hacked with the same
> old tools which exists for SQL 2000?
>
> thanks,
> Helmut

• Next in forum: Re: is WITH ENCRYPTION now safe in SQL2005?
• Prev in forum: Re: stored procedure
• Thread view: Re: is WITH ENCRYPTION now safe in SQL2005?

[Reply to this message]