Hi all, I am looking for options regarding securing my intellectual property
with regards to deploying an SQL Reporting Server a customer's location.
The situation in brief is this: our customer has an SQL Server database on
server X, we are going to install SQL Reporting Services on server Y. My
company is going to create reports (RDL files) that will be executed on
server Y, but get their data from server X. We do not want the customer to
be able to extract the RDL information from server Y, which out of the box
seems to be very easy to do.
Is there a way to run an SQL Report server in a way that does not allow the
RDL to be extracted from it?
If not, is it possible that the server could be extended in a custom way to
allow this?
Is it possible to truely secure an SQL Server 2000 database to prevent
unauthorized snooping by our customers?
Thanks for any ideas or resources you can share! :)
(If you want to post here or email me, either will work)If you are the one managing the server that has RS on it then my guess is
that you can. If you are not managing it then no. If someone has
administrator access to the server then they can definitely extract the RDL.
If only your company will have administrator rights to the server then you
can use the role based security to prevent extracting out the RDL.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
news:10nfp5njokq7q84@.corp.supernews.com...
> Hi all, I am looking for options regarding securing my intellectual
property
> with regards to deploying an SQL Reporting Server a customer's location.
> The situation in brief is this: our customer has an SQL Server database on
> server X, we are going to install SQL Reporting Services on server Y. My
> company is going to create reports (RDL files) that will be executed on
> server Y, but get their data from server X. We do not want the customer
to
> be able to extract the RDL information from server Y, which out of the box
> seems to be very easy to do.
> Is there a way to run an SQL Report server in a way that does not allow
the
> RDL to be extracted from it?
> If not, is it possible that the server could be extended in a custom way
to
> allow this?
> Is it possible to truely secure an SQL Server 2000 database to prevent
> unauthorized snooping by our customers?
> Thanks for any ideas or resources you can share! :)
> (If you want to post here or email me, either will work)
>|||Bruce, thanks for the quick response. I have a follow up question for you,
or anyone for that matter. Given the extensible nature of RS, is it
possible that the area of RS responsible for pulling the RDL out of the
database could be overriden to include some form of encryption? One would
also need to be able to insert the RDL encrypted too, so that might require
modification as well.
Any ideas?
Thanks!
"Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
news:u0j16$4tEHA.2184@.TK2MSFTNGP12.phx.gbl...
> If you are the one managing the server that has RS on it then my guess is
> that you can. If you are not managing it then no. If someone has
> administrator access to the server then they can definitely extract the
RDL.
> If only your company will have administrator rights to the server then you
> can use the role based security to prevent extracting out the RDL.
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> news:10nfp5njokq7q84@.corp.supernews.com...
> > Hi all, I am looking for options regarding securing my intellectual
> property
> > with regards to deploying an SQL Reporting Server a customer's location.
> > The situation in brief is this: our customer has an SQL Server database
on
> > server X, we are going to install SQL Reporting Services on server Y.
My
> > company is going to create reports (RDL files) that will be executed on
> > server Y, but get their data from server X. We do not want the customer
> to
> > be able to extract the RDL information from server Y, which out of the
box
> > seems to be very easy to do.
> > Is there a way to run an SQL Report server in a way that does not allow
> the
> > RDL to be extracted from it?
> > If not, is it possible that the server could be extended in a custom way
> to
> > allow this?
> > Is it possible to truely secure an SQL Server 2000 database to prevent
> > unauthorized snooping by our customers?
> >
> > Thanks for any ideas or resources you can share! :)
> > (If you want to post here or email me, either will work)
> >
> >
>|||How about adding a soap extension on the RS web service that encrypts the
RDL before inserting to the database and decrypts it when extracting (for
rendering).
-Tim
"Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
news:10ng7bjabp3un79@.corp.supernews.com...
> Bruce, thanks for the quick response. I have a follow up question for
you,
> or anyone for that matter. Given the extensible nature of RS, is it
> possible that the area of RS responsible for pulling the RDL out of the
> database could be overriden to include some form of encryption? One would
> also need to be able to insert the RDL encrypted too, so that might
require
> modification as well.
> Any ideas?
> Thanks!
>
> "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> news:u0j16$4tEHA.2184@.TK2MSFTNGP12.phx.gbl...
> > If you are the one managing the server that has RS on it then my guess
is
> > that you can. If you are not managing it then no. If someone has
> > administrator access to the server then they can definitely extract the
> RDL.
> > If only your company will have administrator rights to the server then
you
> > can use the role based security to prevent extracting out the RDL.
> >
> > --
> > Bruce Loehle-Conger
> > MVP SQL Server Reporting Services
> >
> > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > news:10nfp5njokq7q84@.corp.supernews.com...
> > > Hi all, I am looking for options regarding securing my intellectual
> > property
> > > with regards to deploying an SQL Reporting Server a customer's
location.
> > > The situation in brief is this: our customer has an SQL Server
database
> on
> > > server X, we are going to install SQL Reporting Services on server Y.
> My
> > > company is going to create reports (RDL files) that will be executed
on
> > > server Y, but get their data from server X. We do not want the
customer
> > to
> > > be able to extract the RDL information from server Y, which out of the
> box
> > > seems to be very easy to do.
> > > Is there a way to run an SQL Report server in a way that does not
allow
> > the
> > > RDL to be extracted from it?
> > > If not, is it possible that the server could be extended in a custom
way
> > to
> > > allow this?
> > > Is it possible to truely secure an SQL Server 2000 database to prevent
> > > unauthorized snooping by our customers?
> > >
> > > Thanks for any ideas or resources you can share! :)
> > > (If you want to post here or email me, either will work)
> > >
> > >
> >
> >
>|||Hi Tim, that sounds like it'd be worth looking into. Can you give me some
more info on what you have in mind? I'm not familiar enough with RS yet to
know where I would even start looking.
Thanks!
"Tim Ellison" <TimEllison@.direcway.com> wrote in message
news:#XVlilDuEHA.160@.TK2MSFTNGP11.phx.gbl...
> How about adding a soap extension on the RS web service that encrypts the
> RDL before inserting to the database and decrypts it when extracting (for
> rendering).
> -Tim
> "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> news:10ng7bjabp3un79@.corp.supernews.com...
> > Bruce, thanks for the quick response. I have a follow up question for
> you,
> > or anyone for that matter. Given the extensible nature of RS, is it
> > possible that the area of RS responsible for pulling the RDL out of the
> > database could be overriden to include some form of encryption? One
would
> > also need to be able to insert the RDL encrypted too, so that might
> require
> > modification as well.
> > Any ideas?
> >
> > Thanks!
> >
> >
> > "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> > news:u0j16$4tEHA.2184@.TK2MSFTNGP12.phx.gbl...
> > > If you are the one managing the server that has RS on it then my guess
> is
> > > that you can. If you are not managing it then no. If someone has
> > > administrator access to the server then they can definitely extract
the
> > RDL.
> > > If only your company will have administrator rights to the server then
> you
> > > can use the role based security to prevent extracting out the RDL.
> > >
> > > --
> > > Bruce Loehle-Conger
> > > MVP SQL Server Reporting Services
> > >
> > > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > > news:10nfp5njokq7q84@.corp.supernews.com...
> > > > Hi all, I am looking for options regarding securing my intellectual
> > > property
> > > > with regards to deploying an SQL Reporting Server a customer's
> location.
> > > > The situation in brief is this: our customer has an SQL Server
> database
> > on
> > > > server X, we are going to install SQL Reporting Services on server
Y.
> > My
> > > > company is going to create reports (RDL files) that will be executed
> on
> > > > server Y, but get their data from server X. We do not want the
> customer
> > > to
> > > > be able to extract the RDL information from server Y, which out of
the
> > box
> > > > seems to be very easy to do.
> > > > Is there a way to run an SQL Report server in a way that does not
> allow
> > > the
> > > > RDL to be extracted from it?
> > > > If not, is it possible that the server could be extended in a custom
> way
> > > to
> > > > allow this?
> > > > Is it possible to truely secure an SQL Server 2000 database to
prevent
> > > > unauthorized snooping by our customers?
> > > >
> > > > Thanks for any ideas or resources you can share! :)
> > > > (If you want to post here or email me, either will work)
> > > >
> > > >
> > >
> > >
> >
> >
>|||Reporting Services consists of 3 sub-systems when deployed:
1) ReportServer
- This is the web service that gets called when you use (2).
2) Reports
- This is the "out-of-the-box" web application.
(http://localhost/Reports)
Look under MSDN (or Google) for "Soap Extensions". These are classes that
bind into the event chain when a web service method is called. If you're
familiar with patterns, consider them SOAP "decorators". If not, think of
them as little add-ons you can configure in the web.config that ties into
the chain for a web service method call.
It's better that you review the stuff on MSDN than I try to explain. They
do a much better job and you're going to want to understand it fairly well
before trying to implement it.
--
Regards,
Tim Ellison, MCP
Ironworks Consulting, LLC
(m) 804.405.4874
"Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
news:10nq13162fabf47@.corp.supernews.com...
> Hi Tim, that sounds like it'd be worth looking into. Can you give me some
> more info on what you have in mind? I'm not familiar enough with RS yet
to
> know where I would even start looking.
> Thanks!
> "Tim Ellison" <TimEllison@.direcway.com> wrote in message
> news:#XVlilDuEHA.160@.TK2MSFTNGP11.phx.gbl...
> > How about adding a soap extension on the RS web service that encrypts
the
> > RDL before inserting to the database and decrypts it when extracting
(for
> > rendering).
> >
> > -Tim
> >
> > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > news:10ng7bjabp3un79@.corp.supernews.com...
> > > Bruce, thanks for the quick response. I have a follow up question for
> > you,
> > > or anyone for that matter. Given the extensible nature of RS, is it
> > > possible that the area of RS responsible for pulling the RDL out of
the
> > > database could be overriden to include some form of encryption? One
> would
> > > also need to be able to insert the RDL encrypted too, so that might
> > require
> > > modification as well.
> > > Any ideas?
> > >
> > > Thanks!
> > >
> > >
> > > "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> > > news:u0j16$4tEHA.2184@.TK2MSFTNGP12.phx.gbl...
> > > > If you are the one managing the server that has RS on it then my
guess
> > is
> > > > that you can. If you are not managing it then no. If someone has
> > > > administrator access to the server then they can definitely extract
> the
> > > RDL.
> > > > If only your company will have administrator rights to the server
then
> > you
> > > > can use the role based security to prevent extracting out the RDL.
> > > >
> > > > --
> > > > Bruce Loehle-Conger
> > > > MVP SQL Server Reporting Services
> > > >
> > > > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > > > news:10nfp5njokq7q84@.corp.supernews.com...
> > > > > Hi all, I am looking for options regarding securing my
intellectual
> > > > property
> > > > > with regards to deploying an SQL Reporting Server a customer's
> > location.
> > > > > The situation in brief is this: our customer has an SQL Server
> > database
> > > on
> > > > > server X, we are going to install SQL Reporting Services on server
> Y.
> > > My
> > > > > company is going to create reports (RDL files) that will be
executed
> > on
> > > > > server Y, but get their data from server X. We do not want the
> > customer
> > > > to
> > > > > be able to extract the RDL information from server Y, which out of
> the
> > > box
> > > > > seems to be very easy to do.
> > > > > Is there a way to run an SQL Report server in a way that does not
> > allow
> > > > the
> > > > > RDL to be extracted from it?
> > > > > If not, is it possible that the server could be extended in a
custom
> > way
> > > > to
> > > > > allow this?
> > > > > Is it possible to truely secure an SQL Server 2000 database to
> prevent
> > > > > unauthorized snooping by our customers?
> > > > >
> > > > > Thanks for any ideas or resources you can share! :)
> > > > > (If you want to post here or email me, either will work)
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>|||Thank you very much for the information!
I will see what I can uncover on MSDN
"TIM ELLISON" <TimEllison@.direcway.com> wrote in message
news:uUvuukuuEHA.3840@.TK2MSFTNGP12.phx.gbl...
> Reporting Services consists of 3 sub-systems when deployed:
> 1) ReportServer
> - This is the web service that gets called when you use (2).
> 2) Reports
> - This is the "out-of-the-box" web application.
> (http://localhost/Reports)
> Look under MSDN (or Google) for "Soap Extensions". These are classes that
> bind into the event chain when a web service method is called. If you're
> familiar with patterns, consider them SOAP "decorators". If not, think of
> them as little add-ons you can configure in the web.config that ties into
> the chain for a web service method call.
> It's better that you review the stuff on MSDN than I try to explain. They
> do a much better job and you're going to want to understand it fairly well
> before trying to implement it.
> --
> Regards,
> Tim Ellison, MCP
> Ironworks Consulting, LLC
> (m) 804.405.4874
> "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> news:10nq13162fabf47@.corp.supernews.com...
> > Hi Tim, that sounds like it'd be worth looking into. Can you give me
some
> > more info on what you have in mind? I'm not familiar enough with RS yet
> to
> > know where I would even start looking.
> >
> > Thanks!
> >
> > "Tim Ellison" <TimEllison@.direcway.com> wrote in message
> > news:#XVlilDuEHA.160@.TK2MSFTNGP11.phx.gbl...
> > > How about adding a soap extension on the RS web service that encrypts
> the
> > > RDL before inserting to the database and decrypts it when extracting
> (for
> > > rendering).
> > >
> > > -Tim
> > >
> > > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > > news:10ng7bjabp3un79@.corp.supernews.com...
> > > > Bruce, thanks for the quick response. I have a follow up question
for
> > > you,
> > > > or anyone for that matter. Given the extensible nature of RS, is it
> > > > possible that the area of RS responsible for pulling the RDL out of
> the
> > > > database could be overriden to include some form of encryption? One
> > would
> > > > also need to be able to insert the RDL encrypted too, so that might
> > > require
> > > > modification as well.
> > > > Any ideas?
> > > >
> > > > Thanks!
> > > >
> > > >
> > > > "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> > > > news:u0j16$4tEHA.2184@.TK2MSFTNGP12.phx.gbl...
> > > > > If you are the one managing the server that has RS on it then my
> guess
> > > is
> > > > > that you can. If you are not managing it then no. If someone has
> > > > > administrator access to the server then they can definitely
extract
> > the
> > > > RDL.
> > > > > If only your company will have administrator rights to the server
> then
> > > you
> > > > > can use the role based security to prevent extracting out the RDL.
> > > > >
> > > > > --
> > > > > Bruce Loehle-Conger
> > > > > MVP SQL Server Reporting Services
> > > > >
> > > > > "Paul" <10212004Sqlquestion@.otakudb.com> wrote in message
> > > > > news:10nfp5njokq7q84@.corp.supernews.com...
> > > > > > Hi all, I am looking for options regarding securing my
> intellectual
> > > > > property
> > > > > > with regards to deploying an SQL Reporting Server a customer's
> > > location.
> > > > > > The situation in brief is this: our customer has an SQL Server
> > > database
> > > > on
> > > > > > server X, we are going to install SQL Reporting Services on
server
> > Y.
> > > > My
> > > > > > company is going to create reports (RDL files) that will be
> executed
> > > on
> > > > > > server Y, but get their data from server X. We do not want the
> > > customer
> > > > > to
> > > > > > be able to extract the RDL information from server Y, which out
of
> > the
> > > > box
> > > > > > seems to be very easy to do.
> > > > > > Is there a way to run an SQL Report server in a way that does
not
> > > allow
> > > > > the
> > > > > > RDL to be extracted from it?
> > > > > > If not, is it possible that the server could be extended in a
> custom
> > > way
> > > > > to
> > > > > > allow this?
> > > > > > Is it possible to truely secure an SQL Server 2000 database to
> > prevent
> > > > > > unauthorized snooping by our customers?
> > > > > >
> > > > > > Thanks for any ideas or resources you can share! :)
> > > > > > (If you want to post here or email me, either will work)
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment