create procedure with encryption

  • if ive created a procedure with encryption, can any one any how to decrypt this procedure?

    ..>>..

    MobashA

  • Yes. very easily. It's not actually encryption, despite the name. It's kinda hashed and hidden.

    There are a number of tools on the net to decrypt procs. A quick google search should get you a few.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • i hate this mause and cat games, is there any way to do this with out any one decryting this procedure?

    ..>>..

    MobashA

  • Bear in mind that the encryption can't be irreversable. The SQL engine has to be able to decrypt the procedures in order to run them.

    2005's better than 2000 was. In 2000, profiler would show you the text of encrypted procs. In 2005 it doesn't anymore

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • I've come across a couple sps that the procs on the net couldn't decrypt, but I haven't figured out what the key is yet.

    But in general, no, they can always be decrypted.

    Watch my free SQL Server Tutorials at:
    http://MidnightDBA.com
    Blog Author of:
    DBA Rant – http://www.MidnightDBA.com/DBARant

    Minion Maintenance is FREE:

  • i have found one noline but it requires to connect using DAC.

    i need to check more but is there any difference between DAC and normal connection about things i can do or see, i thought DAC is a way to connect when no one can, its not about actions a user can do.

    ..>>..

    MobashA

  • In SQL Server 2000, anyone with sysadmin rights can decrypt an encrypted stored procedure at any time. Depending on the length, someone with db_ddladmin could pull it off, too, with the appropriate script from shoeboy.

    In SQL Server 2005 you have to come through the DAC. So if the DAC is locked down to local, only via a local login would someone be able to decrypt any stored procedures encrypted in this manner. And as another poster pointed out, an encrypted stored procedure is something SQL Server has to be able to decrypt. So at some point the stored procedure will exist in memory in its unencrypted form. So technically with a debugger someone could get at the stored procedure. It's a lot more difficult, but it is still possible. So if you're looking for 100% no, no one can reverse engineer your stored procedure, you can't get that.

    And it is encryption, albeit with a symmetric algorithm.

    K. Brian Kelley
    @kbriankelley

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply