ÇëÎÊÓÐʲô·½·¨¿ÉÒÔʵÏÖ¶ÔÕû¸öÊý¾Ý¿âµÄÒ»¸ö°²È«ÐÔ±£»¤£¬°üÀ¨±í½á¹¹¡¢Êý¾ÝµÈÊý¾Ý¿â¶ÔÏ󣿱ÈÈ磬Èç¹ûÓû§Ã»Óб»ÊÚȨ¾Í²»Äܲ鿴µ½±í½á¹¹¡¢Êý¾ÝµÈ£¬¾ÍËãÊDz¿Ê𵽿ͻ§µÄ·þÎñÆ÷ÉÏ¿Í»§»¹ÊÇû·¨¿´µ½±í½á¹¹µÈ¡£
ÁíÍ⣬Èç¹ûÄÜʵÏֵĻ°»á²»»á¶ÔÊý¾Ý¿âÐÔÄܲúÉúʲôӰÏ죿

You can set proper permissions, encrypt stored procedures and so, even
encrypt data (that may affect performance). But it's hard to stop sysadmin at
your customer site.

"Jason Lee(News)" wrote:

SQL2005ÖпÉÒÔ½¨Á¢Database Master Key£¬ËµÊǶÔÕû¸öÊý¾Ý¿â½øÐб£»¤£¬ÄÇÕâ¸ö¶ÔÊý¾Ý¿âµÄ±£»¤ÊÇÈçºÎÌåÏÖ³öÀ´µÄ£¬Ó¦¸ÃÔõôÑùÈ¥Àí½â£¿ÊÇ·ñËüÖ»Õë¶ÔÖ¤Êé¡¢¶Ô³ÆÃÜÔ¿¡¢·Ç¶Ô³ÆÃÜÔ¿½øÐб£»¤£¬¶ø¶ÔÓÚÊý¾Ý»¹ÊǵÃͨ¹ýÖ¤Êé¡¢¶Ô³ÆÃÜÔ¿»òÕ߷ǶԳÆÃÜÔ¿À´±£»¤£¿

ÔÚSQL2008ÖÐÓÐÒ»¸öTDEҲ˵ÊÇ¿ÉÒÔ¶ÔÕû¸öÊý¾Ý¿â½øÐб£»¤£¬ÄÇTDEÓÖÊÇÈçºÎ±£»¤µÄ£¬Äܹ»ÊµÏÖÒ»ÖÖʲôÑùµÄ±£»¤Ð§¹û£¿ ËüºÍDMKµÄÇø±ðÔÚʲôµØ·½£¿

SQL2005ÖпÉÒÔ½¨Á¢Database Master Key£¬ËµÊǶÔÕû¸öÊý¾Ý¿â½øÐб£»¤£¬ÄÇÕâ¸ö¶ÔÊý¾Ý¿âµÄ±£»¤ÊÇÈçºÎÌåÏÖ³öÀ´µÄ£¬Ó¦¸ÃÔõôÑùÈ¥Àí½â£¿ÊÇ·ñËüÖ»Õë¶ÔÖ¤Êé¡¢¶Ô³ÆÃÜÔ¿¡¢·Ç¶Ô³ÆÃÜÔ¿½øÐб£»¤£¬¶ø¶ÔÓÚÊý¾Ý»¹ÊǵÃͨ¹ýÖ¤Êé¡¢¶Ô³ÆÃÜÔ¿»òÕ߷ǶԳÆÃÜÔ¿À´±£»¤£¿

ÔÚSQL2008ÖÐÓÐÒ»¸öTDEҲ˵ÊÇ¿ÉÒÔ¶ÔÕû¸öÊý¾Ý¿â½øÐб£»¤£¬ÄÇTDEÓÖÊÇÈçºÎ±£»¤µÄ£¬Äܹ»ÊµÏÖÒ»ÖÖʲôÑùµÄ±£»¤Ð§¹û£¿ ËüºÍDMKµÄÇø±ðÔÚʲôµØ·½£¿

You are right, and tde uses similar concept. The issue is when you send
database to customer, you have to send all those keys and certificates over.
Not sure if they will work on new server. Or you have to create them on
customer's server, then the question is who'll manage those keys.

"Jason Lee(News)" wrote:

混淆一下
把所有的数据库对象名写成 asdlkjf0021 类似的无意义字串，从前台程序到后台数据库一起改，对性能没有影响
你自己维护数据字典，有授权就打印一份给他，呵呵
虽然客户可以根据实际数据来猜测数据库中定义的对象，但是增加了难度

用户买你的东西，他就拥有权利，难道连看看的权利都没有啊，数据库里面的数据是用户的财产，不是你的

"Jason Lee(News)" gmail.com> 写入消息
news:uiTOEVAlIHA.1212@TK2MSFTNGP05.phx.gbl...