Reply to Re: is WITH ENCRYPTION now safe in SQL2005? — MsSQL Server

Posted by Mike Epprecht \(SQL MVP\) on 11/05/05 22:31

Hi

Nothing has changed in this area.

Microsoft has never said that this feature is secure. With SQL Server 2005
you can set granular security so not everyone can get to the text of a
procedure.

If I get an application that encrypts it's SP, I will generally be more
inquisitive as to why it was done, and in the name of ensuring that the
procedure does not execute any code that could harm the system or the
corporate security, I will decrypt it and see what it is doing. Business
logic belongs in the middle tier, not the DB.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

IM: mike@epprecht.net

MVP Program: http://www.microsoft.com/mvp

Blog: http://www.msmvps.com/epprecht/

"helmut woess" <hw@iis.at> wrote in message
news:55221fc8799f.1cbqe7zcjsjh4.dlg@40tude.net...
> Hi,
>
> has anybody knowledge about the safetyness of encrypting stored procs in
> SQL-Server 2005 using WITH ENCRYPTION? Or can they be hacked with the same
> old tools which exists for SQL 2000?
>
> thanks,
> Helmut

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация