Re: WITH ENCRYPTION en masse

From: Simon Train (simon.train@btinternet.com)
Date: 09/27/02


From: "Simon Train" <simon.train@btinternet.com>
Date: Fri, 27 Sep 2002 08:22:33 +0100


Thanks for the info.

However, I need a more foolproof approach that will take into account 'AS'
being delimited and part of the SP's name or tables etc. Also, one that will
encrypt Views, Triggers and UDF's - all with different scripting
requirements for WITH ENCRYPTION.

Yes, it is possible to decrypt SP's, but encryption makes it harder for
most - also a deliberate act is required to decrypt - bit like someone
breaking through a lock - it's a deterrent? Also, I want to encrypt Views,
Triggers and UDF's - not just SPs. I haven't found any tools to decrypt all
of those.

Regards, Simon

"Andrew John" <aj@NOSPAMmistrose.com> wrote in message
news:e8S3YjbZCHA.1724@tkmsftngp10...
> Simon,
>
> I've played around with this before, but the attached SP is not really fit
> for production, maybe you can turn it into something useful.
> Caveats:
> 1) It relies on a text search for the first AS. So if this optional
> statement has been used in any of the parameters it won't work.
> 2) If a procedure has so many parameters that the first AS is not in the
> 1st 4000 chars it won't work.
> 3) The flow of control could be improved, so that it errors and goes on,
> rather than breaking out when it finds an object it can't handle.
>
> Scripting the database, and then using a good text editor, may be your
> best bet.
>
> More importantly, why bother. The decryption algorithm is disappointingly
> trivial, so you are not really protecting anything.
> I've tried setting the ctext field in syscomments to 0x0 instead, and the
> stored procedure I tested it on keeps working, but only until the next
> SQL server stop/start, so that's of limited use too.
>
> You may have better luck over at the microsoft.public.sqlserver.security
> newsgroup, or its archive at google.com
>
> Face it, until Microsoft patches/upgrades the encryption, it is a waste of
> time.
>
> I don't normally bother, as this is a newsgroup after all, but I'll quote
> from the Microsoft posters:
> "This posting is provided "AS IS" with no warranties, and confers no
> rights."
>
> Regards
> AJ
>
> "Simon Train" <simon.train@btinternet.com> wrote in message
> news:uSsAGZLZCHA.2028@tkmsftngp11...
> > Has anyone come up with a reliable way of automatically inserting the
> > WITH OPTION to the text of stored procedures, views, user-defined
> > functions or triggers. I need to encrypt lots of objects en masse in
> > production databases and since some of the options already use WITH...
> > options the insertion of WITH OPTION is tricky.
> >
> > Any ideas?
> >
> > Thanks, Simon
> >
> >
>
>
>
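The "text search for the first AS" caveat and the delimited-'AS' concern discussed in this thread can both be handled by tokenizing the scripted definition instead of searching it as plain text. The following is an added example, not part of the original posts or of the attached SP: it assumes the objects have been scripted to text, covers procedures, views and triggers only (not UDFs, where AS is optional), and the names `TOKEN` and `add_with_encryption` are hypothetical.

```python
import re

# Lexer for the header of scripted T-SQL DDL (added example; names are hypothetical).
TOKEN = re.compile(r"""
    (?P<skip>  --[^\n]* | /\*.*?\*/        # comments (nested block comments not handled)
             | N?'(?:[^']|'')*'            # string literals, e.g. a default of 'AS'
             | \[(?:[^\]]|\]\])*\]         # [delimited identifiers]
             | "(?:[^"]|"")*" )            # "quoted identifiers"
  | (?P<var>   @\w+ )                      # parameters and variables
  | (?P<word>  [A-Za-z_\#][\w$\#@]* )      # keywords and regular identifiers
  | (?P<paren> [()] )
""", re.S | re.X)

def add_with_encryption(ddl):
    """Return ddl with ENCRYPTION added to a CREATE PROC/VIEW/TRIGGER header."""
    depth, prev, with_end, insert_at = 0, None, None, None
    for m in TOKEN.finditer(ddl):
        kind, text = m.lastgroup, m.group().upper()
        if kind == "skip":
            continue                      # never look inside strings, comments, [names]
        if kind == "paren":
            depth += 1 if text == "(" else -1
        elif kind == "word" and depth == 0:
            if text == "ENCRYPTION" and with_end is not None:
                return ddl                # header already has WITH ... ENCRYPTION
            if text == "WITH" and insert_at is None:
                with_end = m.end()        # existing option list (not WITH APPEND)
            elif text in ("FOR", "AFTER", "INSTEAD") and insert_at is None:
                insert_at = m.start()     # WITH must precede FOR/AFTER/INSTEAD OF
            elif text == "AS" and prev != "var":   # "@p AS int" is a parameter AS
                if with_end is not None:
                    return ddl[:with_end] + " ENCRYPTION," + ddl[with_end:]
                at = m.start() if insert_at is None else insert_at
                return ddl[:at] + "WITH ENCRYPTION " + ddl[at:]
        prev = kind
    raise ValueError("no header AS found; handle this object by hand")

if __name__ == "__main__":
    # Constructed sample DDL, not taken from the thread.
    for sample in (
        "CREATE PROC dbo.[Save AS Draft] @p AS int, @q varchar(10) = 'AS' AS SELECT @p",
        "CREATE VIEW v WITH SCHEMABINDING AS SELECT a FROM dbo.t",
        "CREATE TRIGGER trg ON dbo.Orders FOR INSERT WITH APPEND AS RETURN",
    ):
        print(add_with_encryption(sample))
```

Because an object that cannot be parsed raises `ValueError`, a batch driver can log it and continue with the next object rather than stopping, which is the third caveat in the quoted reply.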


