I want to ship an 11.0.1.2276 *.db file to another party without any of the procedural code still visible to even a binary editor.

I can use ALTER ... SET HIDDEN but that just obfuscates and the recipient is rather clever.

I suspect DROP may not do much of anything to the system catalog data and extension pages other than mark them as free.

Should I use ALTER to replace every procedure, trigger, event, service etcetera with big fat meaningless templates, thus overwriting everything?

Or is that still not going to work?

asked 07 Oct '10, 19:30

Breck%20Carter's gravatar image

Breck Carter
32.5k5417261050
accept rate: 20%

So you say ALTER ... SET HIDDEN is not that effective? Should I re-evaluate that part of my answer, cf. http://sqlanywhere-forum.sap.com/questions/1163#1167?

(08 Oct '10, 08:23) Volker Barth

It's obfuscation, not encryption... there is no user-supplied key. Plus, the engine needs to be able to parse the SQL code so by definition a de-obfuscation algorithm must exist... it's not a one-way thing. I think it's adequate for protection against casual hackers, but in MY case the intended recipient is awash in PhD-class thinkers :)

(08 Oct '10, 10:02) Breck Carter

@Breck: In my understanding, it's still encryption (in contrast to "one-way" hashing) but with a built-in key so that the engine can decrypt automatically. But nevertheless, I agree it's not strong encryption...

(08 Oct '10, 10:09) Volker Barth
Comment Text Removed

@Volker: If that is so, the engine contains the key, and the key hasn't changed in a thousand years, right? It could be super duper strong encryption, it doesn't matter if everyone has the key. Besides, the Help uses the word "obfuscate".

(08 Oct '10, 10:14) Breck Carter

These are two wild guesses:

1) Can you create a blank db and send only the data over to it? Ship the new "clean" db with the same data contents instead of the original with all the procedural code.

2) Can you unload the db and generate the reload statement then delete what you don't want in the reload and then reload? Ship the newly loaded "clean" db.

permanent link

answered 07 Oct '10, 20:46

Siger%20Matt's gravatar image

Siger Matt
3.3k5672101
accept rate: 15%

I guess that you don't have that much influence on the contents of "freed pages" or make sure that the pages containing procedural code get overwritten when the procedures are altered. (I don't know whether "free'd pages" are reliably "clean"). So I second Siger's suggestions.

(08 Oct '10, 08:27) Volker Barth

To add: Would you need something like Sysinternals SDELETE for database objects/pages?

(08 Oct '10, 08:29) Volker Barth

@Siger: yes, copying the tables but not the procedures to a new database is a perfect solution... except for the fact that I don't want to do that in this case. For various reasons, it's too much work.

(08 Oct '10, 10:09) Breck Carter
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×48

question asked: 07 Oct '10, 19:30

question was seen: 3,041 times

last updated: 07 Oct '10, 20:46