Module Signing, signature, certificate, asymmetric key, SQL Server, T-SQL, TSQL, SQLCLR, SQL# 2024-11-20 16-38
         Module Signing Info
     Home       Concepts       Answers       Reference       Microsoft Connect       Contact 
Module Signing, signature, certificate, asymmetric key, SQL Server, T-SQL, TSQL, SQLCLR, SQL#

Welcome to Module Signing Info, a site devoted to working with Module Signing, Certificates, and Asymmetric Keys in Microsoft SQL Server.

Module Signing is using Asymmetric Keys and/or Certificates to add fine-grained permissions to Stored Procedures, Triggers, Assemblies, and User-Defined Functions (except Inline Table-Valued Functions). Doing this allows you to effectively create highly specific permissions and avoid opening up security holes such as:

  • using impersonation (i.e. EXECUTE AS)
  • enabling "cross-database ownership chaining"
  • enabling TRUSTWORTHY
  • disabling "clr strict security" (new in SQL Server 2017)

To learn more about why you should use Module Signing instead of those other methods, please read: PLEASE, Please, please Stop Using Impersonation, TRUSTWORTHY, and Cross-DB Ownership Chaining


Module Signing, SQL Server, certificate, signature, certificate, asymmetric key, T-SQL, TSQL, SQLCLR, SQL# 2024-11-20 16-38