Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Steve2106
Posting Yak Master
183 Posts |
 Posted - 2012-05-17 : 13:11:20
|
| Hi There,Can someone help me please.Is there a way to protect my database.I have developed an asp.net web application and a client wants to install it on their own server. Normally for me to create the database I run an Sql Script file but for the client I would like to be able to run an installer that creates the database and tables but does not give them access to the database structure, tables, stored procedures etc.Can that be done?Thanks for any help you can give.Best regards,Steve |
|
|
vijays3
Constraint Violating Yak Guru
354 Posts |
Posted - 2012-05-17 : 14:57:05
|
| [code]You can use WITH ENCRYPTION on stored procedures, views and functionswhen you create your objects. However, decryption methods can easilybe found on the web, so it gives no real protection. The main pointwith encrypting objects is to inform people that they are supposedto keep their nose out, so they don't wander just by chance intoyour code.[/code]Vijay is here to learn something from you guys. |
 |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2012-05-17 : 15:12:00
|
| As far as seeing your structure, it's on their server, so you can't prevent them from seeing it. The only way to truly protect you database and code with with a license agreement. Hire a lawyer to craft one for you and make sure they are familiar with software licensing and intellectual property law. As long as the license agreement protects your rights your client cannot legally modify your database or use it for their own purposes. If the client won't sign the agreement, don't do business with them. |
|
|
|
Steve2106
Posting Yak Master
183 Posts |
Posted - 2012-05-18 : 03:21:59
|
| Hi There,Thanks for the replies.We do have a signed license agreement but we do not know if they are changing or reusing our product elsewhere. We have no control and I was wondering if there was a way to keep control.All the best,Steve |
|
|
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2012-05-18 : 04:27:21
|
| The only way to keep your code secure is to not let them install it on their own servers. The encryption-stuff is a real pain in the a$$ for everyone (including you) so you should really stay away from it. What most companies do is to keep the sensitive/complex part of their business logic in the compiled application code and then use the database for the less senitive stuff and as a storage medium.- LumbagoMy blog-> http://thefirstsql.com/2011/07/08/how-to-find-gaps-in-identity-columns-at-the-speed-of-light/ |
|
|
|
|
|
|
|
|
Protecting a database