One question, I have some custom functions and procedures, and I do not want my client (who has access to the bank) to mess with their script. Does anyone know of any native way of MSSQL to encrypt these codes?
One question, I have some custom functions and procedures, and I do not want my client (who has access to the bank) to mess with their script. Does anyone know of any native way of MSSQL to encrypt these codes?
If you need something that you gave the customer is secret, you have already lost this game of cat and mouse. In fact you were already defeated before the game even started.
The article itself in comments shows how trivial to decrypt functions and procedures encrypted with WITH_ENCRYPTION
. And with write access to the database, your client can edit the logic at will. If he is not worried about keeping his logic, he does not even need to decrypt his, just overwrite with a new logic without reading the old one.
One could suggest that if you want to keep your bank logic intact, you can keep the queries in the application. Aside from being less performative than having functions and procedures in the database, there is no source code that can not be decompiled , so we end up back to square one.
If you do not want your logic to be read or changed, the only way is to sell service instead of code. Keep the application and the database on a server that only you have access to. Any other solution they offer you is snake oil.