EwenTweedie


Hi,

I wish to run a stored procedure which will verify a digital signature on some data and return a pass or fail.

Is there a way for me to ensure that the stored procedure returning the result is one created by me rather than one created by someone else that always returns a pass without checking the digital signature?

I know I can encrypt stored procedures but these encryptions can be broken with a profiler/debugger.

Thanks,

Ewen




Re: Verifying stored procedures

Jens K. Suessmeyer


Are you using SQL Server 2005 or SQL 2000? SQL 2k5 has much more functionality in encrypting the information from stored procedures.


Jens K. Suessmeyer.

---
http://www.sqlserver2005.de
---






Re: Verifying stored procedures

EwenTweedie

Using SQL Server 2005.




Re: Verifying stored procedures

Jens K. Suessmeyer

OK, nothing changed in here. You can still only obfuscate your procedures by encrypting them.

http://groups.google.de/group/comp.databases.ms-sqlserver/browse_frm/thread/34b309b76ba574b4/29decc7a0c160fab

HTH, Jens K. Suessmeyer.

---
http://www.sqlserver2005.de
---




Re: Verifying stored procedures

Laurentiu Cristofor

Yes, there are no differences between SQL Server 2000 and SQL Server 2005 regarding procedure code obfuscation.

Can you tell us more about the scenario that you are trying to address?

Thanks
Laurentiu






Re: Verifying stored procedures

EwenTweedie

The idea is basically that I have written this stored procedure 'procA' which will check if some data (license information) is still valid. 'procA' will be called from within other stored procedures in the database and will determine if the user is allowed to continue or not depending on the return value.

I want to ensure that the client is using my version of 'procA' to check the data and has not replaced it with their own stored procedure they have called 'procA' which doesn't check this information and just returns a positive answer.





Re: Verifying stored procedures

Laurentiu Cristofor

I see, you want to sell a time-restricted product.

Security in SQL Server protects authorized users against unauthorized users. What you are trying to achieve is protection of app vendors from unauthorized users. There is no security feature in SQL Server that can resolve the problem you're having.

Thanks
Laurentiu






Re: Verifying stored procedures

EwenTweedie

Thought that might be the case but thought I would ask anyway. Thanks for your replies.

Ewen