sityee
asked on
How to lock stored procedure
Hi,
May i know is there any method we can lock the stored procedure, even for the DBA (system administrator), where just the programmer can view the stored procedure only...
thnx,
sityee
May i know is there any method we can lock the stored procedure, even for the DBA (system administrator), where just the programmer can view the stored procedure only...
thnx,
sityee
Hi Sityee
There is no way to hide any object from the DBA. The DBA can see all objects and he can modify all the objects. If you want to prevent the DBA from looking at the stored procedure, you can build it with an encryption. This way no one will be able to see the stored procedure's code. Be aware that the developer won't be able to see it, so he must store the procedure's code somewhere else. One more thing that you'll need to take into consideration is that I had stored procedures that I found on the net that broke the encryption on 6.5 and 7 versions. I haven’t looked for something that brakes the encryption in 2000, but if there isn't one yet, then it is just a matter of time. In short, the encryption in SQL SERVER is not a good thing..
There is no way to hide any object from the DBA. The DBA can see all objects and he can modify all the objects. If you want to prevent the DBA from looking at the stored procedure, you can build it with an encryption. This way no one will be able to see the stored procedure's code. Be aware that the developer won't be able to see it, so he must store the procedure's code somewhere else. One more thing that you'll need to take into consideration is that I had stored procedures that I found on the net that broke the encryption on 6.5 and 7 versions. I haven’t looked for something that brakes the encryption in 2000, but if there isn't one yet, then it is just a matter of time. In short, the encryption in SQL SERVER is not a good thing..
ASKER CERTIFIED SOLUTION
![Avatar of Guy Hengel [angelIII / a3]](https://filedb.experts-exchange.com/files/public/2013/11/25/ddbe0ea6-aa6e-4279-b781-57b735dd3ea0.jpeg){kind=small}
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry, my suggestion answers a different, probably misinterpreted requirement.
hi AdiCohn:
I welcome you at EE.
As you locked the question, I would like to point to the EE guidelines about comments vs answers (see bottom of page). Although your comment is very good and you deserve the points, you should leave the choice to the questioner. I have seen many times my "good comment" to be the wrong answer, simply because the questioner wanted something else...
CHeers
I welcome you at EE.
As you locked the question, I would like to point to the EE guidelines about comments vs answers (see bottom of page). Although your comment is very good and you deserve the points, you should leave the choice to the questioner. I have seen many times my "good comment" to be the wrong answer, simply because the questioner wanted something else...
CHeers
Hi Angellll and all
Sorry I should have written it as a comment. Next time I'll do it the proper way
Adi
Sorry I should have written it as a comment. Next time I'll do it the proper way
Adi
Thanks
if @@USER <> 'SA' then return.
That doesn't work in SQL 7.
Alternative is:
if (select user_name())<>'dbo' return
Alternative is:
if (select user_name())<>'dbo' return
Dear: AdiCohn
I've rejected your proposed answer as Experts Exchange holds an experiment to work without the answer button.
See: https://www.experts-exchange.com/jsp/communityNews.jsp
Paragraph: Site Update for Wednesday, November 06, 2002
By this rejection the Asker will be notified by mail and hopefully he will take his responsibility to finalize the question or post an additional comment.
The Asker sees a button beside every post which says "Accept This Comment As Answer" (including rejected answers) -- so if he/she thinks yours is the best, you'll be awarded the points and the grade.
Thanks !
modulo
Community Support Moderator
Experts Exchange
I've rejected your proposed answer as Experts Exchange holds an experiment to work without the answer button.
See: https://www.experts-exchange.com/jsp/communityNews.jsp
Paragraph: Site Update for Wednesday, November 06, 2002
By this rejection the Asker will be notified by mail and hopefully he will take his responsibility to finalize the question or post an additional comment.
The Asker sees a button beside every post which says "Accept This Comment As Answer" (including rejected answers) -- so if he/she thinks yours is the best, you'll be awarded the points and the grade.
Thanks !
modulo
Community Support Moderator
Experts Exchange
you can always make one of the parameters of the SP as a password--
in other words-- you say
create proc myProc
@password @varchar(25)
@firstLetter
as
select * from employees where Left(firstName, 1) = @firstLetter and @password = 'mysupersecretpassword'
then as long as no one can read the definition for the SP, then you have to throw the password into it to make it work.
if you want to get really high tech, you can make the last whereclause into something more like this:
left(@password, 15) = mysecretpassword and cint(mid(@password, 15, 2) = 100 - Day(getDate())
so then you would need to pass the password 'mysecretpassword78' today (11/22)
and that password would only work today..
that way if you needed to release the password to someone that was quasi-technical then you could just give them the password that would be good for a day..
or.. you could make some super complex algorithm up to do this...
in other words-- you say
create proc myProc
@password @varchar(25)
@firstLetter
as
select * from employees where Left(firstName, 1) = @firstLetter and @password = 'mysupersecretpassword'
then as long as no one can read the definition for the SP, then you have to throw the password into it to make it work.
if you want to get really high tech, you can make the last whereclause into something more like this:
left(@password, 15) = mysecretpassword and cint(mid(@password, 15, 2) = 100 - Day(getDate())
so then you would need to pass the password 'mysecretpassword78' today (11/22)
and that password would only work today..
that way if you needed to release the password to someone that was quasi-technical then you could just give them the password that would be good for a day..
or.. you could make some super complex algorithm up to do this...
How about as a workaround you add:
sp_helptext <proc name>
return
to the top of your stored proc?
Cheers,