Subject Re: [firebird-support] Follo-up for: Securing Database Stored Procedure
Author Uwe Grauer
Rolando Olan wrote:

> Hi Ann,
>
> Are you telling me that I really need to put my
> Business Logic on the Front-end side and remove it to
> the Database side because there's no way we can
> separate the SP from the DATA? This is my
> interpretation of your suggestion, please correct me
> if I'm wrong.
>
> Note: Can you suggest the best practices in developing
> application with high performance and at the same time
> secure enough (both the DATA and Source Codes).
>
> Thank you and advance merry Xmas and Happy New Year.
>
> Olan
> ------------------------------------------------------
> --- "Ann W. Harrison" <aharrison@...> wrote:
>
> > At 06:45 AM 12/20/2004, rbozzz wrote:
> >
> > >Is there a way I can put the Stored Procedures to a
> > separate
> > >Database while another database for the DATA or
> > tables/views.
> >
> > No. Your best hope is to delete the source of your
> > triggers
> > and procedures before distributing your application.
> >
> >
> > Regards,
> >
> >
> > Ann
> >
> >
>
>
A SP belongs to the Database where the Data resides.
Ann just told you to drop the SP-Source from the the Metadata Tables.
The Metadata normally has the Source of the SP and the compiled BLR.
The compiled BLR is used in Runtime of the SP. You do not need the
Source in Runtime.
This way users can't get the Source from your SP.
Read about the Metadata in Chapter 7 of langref.pdf.

Hop this helps,
Uwe