Post reply

Profile comments out text when "Password" is in it

  • June 5, 2007 at 10:24 am

    #95308

    I was running a trace of a procedure and I couldn't find the procedure any where in the TextData column of Profiler. Well I think I found out why. I saw this in a RPCStarting Row:

     

    -- 'password' was found in the text of this event.

    -- The text has been replaced with this comment for security

    reasons.  

    How do you disable this?

  • June 5, 2007 at 10:48 am

    #710897

    The easiest way is to refactor the code, using something other than "password", such as "passcode".

    The harder, more unsecure, virus scanner unfriendly, not necessarily service pack friendly, and fully unsupported method would be something like this.

  • June 5, 2007 at 10:57 am

    #710905

    Ah Ha!

    Thanks David.

  • June 5, 2007 at 11:02 am

    #710909

    Actually I had another question. 

    Does this apply to parameters as well? I'm assuming yes.. that it applies to any text that contains "password".

    Thanks again.

  • June 5, 2007 at 11:19 am

    #710915

    That's my understanding, in that it just looks for blacklisted words, period. You can try it as a test to make sure, if you'd like, one pass with "password", the other with "pwd", for instance.

  • June 6, 2007 at 12:48 am

    #711030

    Try catching the Stored Proc: SPStarted event instead of the RPC started event. I know that in 2005 the SPStarted event doesn't filter.

    AFAIK the filtered words are 'password' and 'setapprole'

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply