Paul
 |
| 09/11/2001 4:29 AM |
 Quote
 Reply
 Alert
|
| Hello, I am working on an ASP&VB platform connecting to SQL2K. This product will be packaged and sold. I am interested in protecting my database from people who want to see how it is put together. It will be loaded on Win2K boxes that I won't have control over. I feel like NT authentication will not be feasible because of this. But won't someone eventually be able to compromise the sa password?
Thanks |
|
|
|
|
Chip Andrews
|
| 01/01/2001 12:00 AM |
Quote
Reply
Alert
|
| I would forget about trying to hide your design. If the code is running on their servers then they can reverse engineer anything you put on it - even your compiled VB code. The tools already exist to do this. I would concentrate on making sure you get good lawyers and make sure your code contains the necessary disclaimers.
You could stop some casual theft by encrypting your stored procedures (using the WITH ENCRYPTION option) but your tables will always be visible to the sysadmin role or the 'sa' account. The customer will need this level of privilege to maintain/backup/optimize/repair the SQL Server - it is THEIR server after all isn't it?
Chip
|
|
|
|
|
Paul
|
| 01/01/2001 12:00 AM |
Quote
Reply
Alert
|
| Yes, it is their server. I do understand about the reverse engineering... there are also tools to "deencrypt" the encrypted sps. But I agree that there are some basic measures we can take. I guess I was hoping to have web interfaces to perform all backup and administrative functions, even to restart the sql server. How realistic is this? I was hoping this would keep me from having to allow system admin priv. Maybe I could even rename the sa account like you discussed in another article.
You are right about the lawyer bit too.
|
|
|
|
|