
Mangling column names in MSSQL for security

I recently joined a new project where the previous product manager decided to mangle column names in a majority of the tables. From what I hear, this was aimed at security/protection of our code, since a major part is SQL stored procedures.

Here's a simple visualization:

+-----------+------------+----+----------+-------+
| C1        | C2         | C3 | C4       | C5    |
+-----------+------------+----+----------+-------+
| John Doe  | 11-11-1944 | M  | Street 1 | Julie |
+-----------+------------+----+----------+-------+
| Mary Jane | 13-02-1991 | F  | Street 2 | null  |
+-----------+------------+----+----------+-------+

I somewhat agree with him that we need to mangle the names, but not while we are developing; rather, before delivering the product to the customer. The application itself is in .NET C#.

First, how can I recover from this? Any strategy or preferably a tool (along the lines of uglify for JS)?

Second, how can I still protect the code (Stored Procedure) after unmangling the names?

I have no idea why anyone would think that mangling names would make the system more secure. If you want security, then use the database security features. For instance, don't allow anyone to read the tables directly; require that stored procedures be used. Or, encrypt the data itself, so that it doesn't get read. Normally, it is the data that is secure, not the names of the columns.

That said, I don't see how you can get away from the "mangled" names during development. You could use views that map the mangled names to unmangled names. However, that just means that you have a bunch of code that needs to be changed when the database structure changes. Worse, it means that the original developers will be very confused when they are trying to solve problems after release.

By mangling, do you mean giving meaningful names to columns? If yes, then you can create a different table with the same schema definition as your posted table and then just do:

    insert into your_new_table
    select c1, c2, c3, c4, c5
    from your_mangled_table;

how can I still protect the code (Stored Procedure) after unmangling the names

That won't be possible automatically. You will have to ALTER your procedure code to modify the column/table name(s) to reflect the new changes.

SQL Server supports stored procedure encryption. I have never used it, so I can't comment further, but this may help you: http://msdn.microsoft.com/en-gb/library/ms187926.aspx
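The suggestions in the answers above (a view that maps the mangled names, access only through stored procedures, and procedure encryption) combined into one T-SQL script. This is an added example, not code from any of the answers. The readable column names, the view and procedure names, and the `app_role` role are assumptions; the column meanings are guessed from the sample rows in the question.

```sql
-- Readable view over the mangled table; the table itself stays unchanged.
-- Column meanings are assumed from the question's sample rows.
CREATE VIEW dbo.Person_Readable
AS
SELECT C1 AS FullName,
       C2 AS BirthDate,
       C3 AS Gender,
       C4 AS StreetAddress,
       C5 AS RelatedPerson      -- meaning of C5 is a guess
FROM dbo.your_mangled_table;
GO

-- WITH ENCRYPTION obfuscates the stored definition. It is obfuscation,
-- not access control, and the text cannot be read back afterwards,
-- so keep the source in version control.
CREATE PROCEDURE dbo.GetPersonByName   -- hypothetical procedure name
    @FullName nvarchar(100)
WITH ENCRYPTION
AS
BEGIN
    SET NOCOUNT ON;
    SELECT FullName, BirthDate, Gender, StreetAddress, RelatedPerson
    FROM dbo.Person_Readable
    WHERE FullName = @FullName;
END;
GO

-- The application role may only execute the procedure. Table, view and
-- procedure share the owner dbo, so ownership chaining lets the procedure
-- read the table even though the role is denied direct access.
CREATE ROLE app_role;                  -- hypothetical role name
GO
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.your_mangled_table TO app_role;
DENY SELECT ON dbo.Person_Readable TO app_role;
GRANT EXECUTE ON dbo.GetPersonByName TO app_role;
GO

-- Check: definition is NULL for an encrypted module.
SELECT OBJECT_NAME(object_id) AS module_name, definition
FROM sys.sql_modules
WHERE object_id = OBJECT_ID(N'dbo.GetPersonByName');
```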
