Scenario: Our Application Database (in SQL Server 2012) contains entire business logic in the Stored Procedures (SPs). Everytime we have to publish the DB to the client, it unnecessarily results in copying the SPs to the Client DB.
Problem: All the Business Logic gets copied at the Client Side and results in proprietary issues.
Solutions Tried Earlier:
-
CREATE PROCEDURE Proc_Name WITH ENCRYPTION
This method results in encrypted and non-maintainable SP code. We cannot judge which version of code is running at the client side, hence cannot debug. Version control cannot be applied. Moreover, client cannot perform DB replication since encrypted SPs do not get replicated.
-
CREATE SYNONYM SchemaName.Proc_Name FOR LinkedServerDB.SchemaName.Proc_Name
This allows for creation of references (synonyms) at Client_DB which access the actual SPs residing on a Remote_Linked_Server_DB. In each SP call, entire data is accessed from Client_DB and transmitted to Remote_Linked_Server_DB where the calculations are done and the result is sent back. This results in acute performance issues. Also requires 24×7 internet connectivity to the remote linked server.
Requirement (Edited):
- We are looking for a solution whereby the stored procedure code could be compiled (secured) and separated from the Client Database.
- The compiled stored procedure code should be available at the client-end so that client does not require 24×7 connection to a remote location for accessing the stored procedures as in the case of using SYNONYMS.
- I have a slight hint of using CLR-SQL in Visual Studio Database Projects, but I guess that would require re-writing all the stored procedures (which is nearly impossible since we have more than 100 SPs).
Best Answer
I do not think that your requirements are complete as there are reasons that your prior attempts did not work that are not reflected in the stated Requirements. You mentioned in attempted solution #1 that you need to be able to debug the code / know what version it is, and the client needs to be able to replicate the code. Are these two issues current requirements?
If the need for replication is still a requirement, then that conflicts with the requirement to be "compiled (secured)".
I will assume that the client's server is something they have full
sa
access to such that DENYing theVIEW ANY DEFINITION
permission is not a viable approach.One thing to try is taking the T-SQL of your Stored Procedures and encapsulating each one, unchanged, into CLR Stored Procedures. You would place one or more related Stored Procedures into an Assembly. Here are some thoughts about this:
WITH PERMISSION_SET = SAFE
CommandType.Text
and CommandText set to the current T-SQL Stored Procedure content"context connection=true"
)