||SQL Server Tips by Gama and Naughter
There are five main types of protection:
* Compiling to native code. - The code can be disassembled
and reverse engineered. However, the cost of doing this could be
many times higher than developing the original code.
* Compiling to intermediate code (Java, Visual Basic P-code, CLI).
- This code is easily decompiled due to its nature.
* Obfuscating the code (removing comments, scrambling variable
names', modifying the code structure). Obfuscation makes the
code less readable but it is still possible to isolate sections of
code and try to understand what they do. If an important algorithm
is in a function, the code can still be used or analyzed separately.
* Encoding (changing the format of the code, for example using
insecure by definition.
* Encrypting the code (by using internal mechanisms like WITH
ENCRYPTION for TSQL code or dynamic execution of code, after being
decrypted, common in JScript or using special tools for PE files
like UPX) - the WITH ENCRYPTION clause would be perfect but a
few ways to defeat it are of public knowledge.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter