c# - Mangling column names in MSSQL for security -


i joined new project previous product manager decided mangle column names in majority of tables, hear aimed @ security/protection of our code since major part sql stored procedures.

here's simple visualization:

+-----------+------------+----+----------+-------+ | c1        | c2         | c3 | c4       | c5    | +-----------+------------+----+----------+-------+ | john doe  | 11-11-1944 | m  | street 1 | julie | +-----------+------------+----+----------+-------+ | mary jane | 13-02-1991 | f  | street 2 | null  | +-----------+------------+----+----------+-------+

somewhere agree him need mangle names, not when developing rather before delivering product customer. application in .net c#.

first, how can recover this? strategy or preferably tool (similar lines of uglify js)?

second, how can still protect code (stored procedure) after unmangling names?

i have no idea why think mangling names make system more secure. if want security, use database security features. instance, don't allow read tables directly, require stored procedures used. or, encrypt data itself, doesn't read. normally, data secure, not names of columns.

that said, don't see how can away "mangled" names during development. could use views map mangled names unmangled names. however, means have bunch of code needs changed when database structure changes. worse, means original developers confused when trying solve problems after release.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more