Custom and GOTS application source code stored in the database should be protected with encryption or encoding.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3823 | DG0091-SQLServer9 | SV-24094r1_rule | DCSL-1 | Low |
| Description |
|---|
| Source code may include information on data relationships, locations of sensitive data that are otherwise obscured, or other processing information that could aid a malicious user. Encoding or encryption of the custom source code objects within the database helps protect against this type of disclosure. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Database Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-19555r1_fix) |
|---|
| Recreate stored procedures and specify encryption using the ALTER PROCEDURE command. Example: ALTER PROCEDURE [MyProc] WITH ENCRYPTION AS SELECT [mycol1], [mycol2] FROM [mytable]... Replace objects specified between the "[]" characters with custom/GOTS procedure references. Document all exceptions to this requirement in the System Security Plan and authorize with the IAO. |