tags:

views:

201

answers:

3
+1  Q: 

Drawbacks to SQL Server 2005+ object encryption?

For a database that is shipped with a remotely deployed product, are there any drawbacks to encrypting all code objects (procs, functions, views) via the WITH ENCRYPTION clause in MS SQL Server 2005 and 2008?

The advantages are a deterrent to "custom" changes in the field that solve one need while creating many more. The goal is not to protect IP or data, but to help prevent unauthorized code changes when the rights to alter objects cannot be managed (the security is out of the developers hands, but the responsibility to fix issues caused by others is).

What new problems could be caused by taking this approach?

+2  A: 

Microsoft created this feature specifically for this purpose. The only drawback I can see is that the protection is weak; it can be circumvented by publically available scripts, and SQL Profiler can be used to view the clear text of the decrypted procedures. But it should still act as an effective deterrent.

Robert Harvey  2009-05-28 17:09:04
I am certain I read some docs about Profiler and encrypted objects, but cannot locate them now. Did you use a DAC when profiling to make the details visible?
MattK  2009-05-28 18:03:42
Robert Harvey  2009-05-28 18:18:02
I actually haven't done it myself. Are your users sophisticated enough (or masochistic enough) to figure it out?
Robert Harvey  2009-05-28 18:22:39
Also see here: http://searchwindevelopment.techtarget.com/tip/0,289483,sid8_gci841704_mem1,00.html
Robert Harvey  2009-05-28 18:22:49
Sophisticated/Masochistic does not quite describe the problem, and it is often not the end users. Sometime people closer to the shop will go out of their way to _not_ ask for help in deploying the correct solution to a problem.
MattK  2009-05-28 18:30:11
I don't think Profiler shows the decrypted text. This was a problem we had when debugging. We had to unencrypt everything to get a better experience in Profiler.
Matt Spradley  2009-05-28 18:54:07
A: 

We implemented encryption in an enterprise product that we deployed to 200+ sites for the reasons you indicated and to deter reverse engineering.

In our case, it was more trouble than it was worth. Our clients never really changed anything and it made it difficult for us to debug issues in the field. Profiler does not give you the detail needed when everything is encrypted. We would often have to load an unencrypted version of our SPROCs etc. to debug issues.

Also, it makes it harder to varify your schema is consistant with the version you are expecting. Most differencing tools can't diff encrypted objects.

Matt Spradley  2009-05-28 17:30:55
A: 

You are down the wrong path. WITH ENCRYPTION is an obsolete option from the SQL 2000 days. The ways around it are well known and can be discovered by anyone with minimal google search skills. The proper way is to use code signing. Best way is to create a certificate, sign the procedures, then drop the private key. This way nobody, not even you, can change code afterward without destroying the signatures. This does not prevent anybody from modifying the procedures, but once modified they destroy the signature seal and the tampering is evident. You can take it one step further and make sure the procedures in themselves have no authority to execute their purpose (ie. cannot read the tables the try to access) but the authority is derived from their signatures (the certificate used to sign them is granted the needed rights). This way if they tamper with the code not only they destroy the seal, they also cause the system to halt. Explaining the consequences of these actions is usually a strong enough deterrent.

Remus Rusanu  2009-05-28 20:00:15
Thanks for the typical "Let me Google that for you" response by answering a question I did not ask. The encryption strength nor the ability to detect changes is not the issue. The question was about potential problems caused by code encryption, in an environment where we do not have any path to apply consequences for unauthorized changes.
MattK  2009-05-28 20:23:41
In a public forum an answer is read by many. If is of no use to you, I could not care less. And no, I don't have to google for features I was so closely involved with...
Remus Rusanu  2009-05-28 20:47:33

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?