Very Computer

We have some complex queries which our customers will run accross their SQL
Server databases.  Is there any way we can protect the logic in our queries
from people capturing them using sql profiler??

1.  using multi-protocol encryption in the net library encrypts the
transmission but it is decrypted by the sql profiler, so thats useless for
our purposes.

2.  when creating encrypted stored procedures the procedures is initially
sent in plain text.

comments?  seems this is impossible with microsoft sql server.  unless
anyone has any ideas I guess all we can do is put "please don't prirate our
ideas" in the text..

regards,
  ewart.

    You could put a comment in the batch or SP with 'sp_password' in it.
Then the profiler will automatically filter the actual text. Ex:

-- sp_password
select * from pubs..authors

    But please note that this is not guaranteed to work in future releases
or service packs etc. So I would not recommend doing this. You should
protect your source by copyrights, legal agreements etc.

--
Umachandar Jayachandran
SQL Resources at http://www.umachandar.com/resources.htm
( Please reply only to newsgroup. )

That will have to do for now, no harm in it even if it's not supported
later - thanks.  If you run accross any other solutions, please email :-)

good stuff.
ewart.

Quote:>     You could put a comment in the batch or SP with 'sp_password' in it.
> Then the profiler will automatically filter the actual text. Ex:

> -- sp_password
> select * from pubs..authors

>     But please note that this is not guaranteed to work in future releases
> or service packs etc. So I would not recommend doing this. You should
> protect your source by copyrights, legal agreements etc.

> --
> Umachandar Jayachandran
> SQL Resources at http://www.umachandar.com/resources.htm
> ( Please reply only to newsgroup. )

Your worthy comments also gave me another idea - check to see if tracing is
actually running on the server at all.  If not, it's another level of
protection..

-- Determine if tracing is active on SQL Server 2000
SELECT * FROM :: fn_trace_getinfo(default)

Not sure of the command in sql 7 and 6.5 but I'll look into that.  If anyone
knows already then...  I don't have sql 7 installed right now so can't
check.

cheers,
ewart.

Quote:>     You could put a comment in the batch or SP with 'sp_password' in it.
> Then the profiler will automatically filter the actual text. Ex:

> -- sp_password
> select * from pubs..authors

>     But please note that this is not guaranteed to work in future releases
> or service packs etc. So I would not recommend doing this. You should
> protect your source by copyrights, legal agreements etc.

> --
> Umachandar Jayachandran
> SQL Resources at http://www.umachandar.com/resources.htm
> ( Please reply only to newsgroup. )

Your worthy comments also gave me another idea - check to see if tracing is
actually running on the server at all.  If not, it's another level of
protection..

-- Determine if tracing is active on SQL Server 2000
SELECT * FROM :: fn_trace_getinfo(default)

Not sure of the command in sql 7 and 6.5 but I'll look into that.  If anyone
knows already then...  I don't have sql 7 installed right now so can't
check.

cheers,
ewart.

Quote:>     You could put a comment in the batch or SP with 'sp_password' in it.
> Then the profiler will automatically filter the actual text. Ex:

> -- sp_password
> select * from pubs..authors

>     But please note that this is not guaranteed to work in future releases
> or service packs etc. So I would not recommend doing this. You should
> protect your source by copyrights, legal agreements etc.

> --
> Umachandar Jayachandran
> SQL Resources at http://www.umachandar.com/resources.htm
> ( Please reply only to newsgroup. )