SQL Server Tips by Gama and Naughter
XP's as black boxes
There are situations when it is necessary to
encrypt data with a password transparently to the user. If the
password is hard-coded in the DLL, a user could try to find it in
the DLL or capture it by sniffing the data with SQL Server Profiler.
A password that changes dynamically, either time or frequency based,
is a better solution. This would not work with a stored procedure,
because the code would reveal the algorithm and expose its possible
flaws or vulnerabilities. This is security by obscurity,
but so are most, if not all, licensing schemes.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter
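
The time-based password idea from the excerpt, sketched as an added example (not code from the book): a password derived per time window, so a value captured in one window stops being accepted once the window and its clock-skew allowance have passed. The HMAC-SHA256 derivation, the seed, the 5-minute step and all function names are assumptions chosen for illustration; the seed would still live in the compiled DLL, which is the obscurity the excerpt acknowledges.

```python
import hashlib
import hmac
import struct

# Constructed sample seed for this example only (assumption). In the
# excerpt's scenario a value like this would be compiled into the XP DLL.
SEED = b"constructed-example-seed"
STEP_SECONDS = 300  # assumed rotation interval: one password per 5 minutes


def window(unix_time: int, step: int = STEP_SECONDS) -> int:
    """Map a timestamp to the index of its rotation window."""
    return unix_time // step


def derive_password(seed: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Derive the password for the window that contains unix_time."""
    counter = struct.pack(">Q", window(unix_time, step))
    return hmac.new(seed, counter, hashlib.sha256).hexdigest()[:32]


def is_current(seed: bytes, candidate: str, now: int,
               step: int = STEP_SECONDS, skew_windows: int = 1) -> bool:
    """Accept candidate only if it matches a window within the allowed skew."""
    ok = False
    for offset in range(-skew_windows, skew_windows + 1):
        t = now + offset * step
        if t < 0:
            continue  # no window exists before the epoch
        expected = derive_password(seed, t, step)
        # Constant-time compare, and no early exit from the loop.
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    captured = derive_password(SEED, t0)  # e.g. a value seen in a trace
    print("same window:   ", is_current(SEED, captured, t0))
    print("next window:   ", is_current(SEED, captured, t0 + STEP_SECONDS))
    print("one hour later:", is_current(SEED, captured, t0 + 3600))
```
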