Post reply

Decrypting "with encryption" option

  • April 20, 2009 at 1:13 am

    #136796

    Hi,

    BOL says:

    ENCRYPTION

    Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server. Users that have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users that can either access system tables over the DAC port or directly access database files. Also, users that can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime. For more information about accessing system metadata, see Metadata Visibility Configuration.

    Lets say I've created a DDL Trigger:

    SET ANSI_NULLS ON

    GO

    SET QUOTED_IDENTIFIER ON

    GO

    CREATE TRIGGER [trg_MYDDLTrigger]

    ON DATABASE WITH ENCRYPTION

    FOR DDL_DATABASE_LEVEL_EVENTS

    AS

    SET NOCOUNT ON

    DECLARE @data XML

    SET @data = EVENTDATA()

    INSERT INTO [MYDB].[dbo].[DBChangeLog](databasename, eventtype,

    objectname, objecttype, sqlcommand, loginname)

    VALUES(

    @data.value('(/EVENT_INSTANCE/DatabaseName)[1]', 'varchar(256)'),

    @data.value('(/EVENT_INSTANCE/EventType)[1]', 'varchar(50)'),

    @data.value('(/EVENT_INSTANCE/ObjectName)[1]', 'varchar(256)'),

    @data.value('(/EVENT_INSTANCE/ObjectType)[1]', 'varchar(25)'),

    @data.value('(/EVENT_INSTANCE/TSQLCommand)[1]', 'varchar(max)'),

    @data.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(256)')

    )

    GO

    SET ANSI_NULLS OFF

    GO

    SET QUOTED_IDENTIFIER OFF

    GO

    ENABLE TRIGGER [trg_DatabaseChangeControl] ON DATABASE

    I've tried connecting with DAC and quering sys.sql_modules but got NULL for the trigger definition. Does anyone know which system tables should I query in order to get the trigger definiton? I just want to make sure that it matches Source Safe without overwriting it.

  • April 20, 2009 at 1:25 am

    #980535

    As far as I'm aware, and contrary to what BoL seems to be saying, there's no way, within SQL to get at the decrypted text.

    Do a google search for SQL 2005 stored procedure decryption tools. You should find a few. There might be one or two free, most that I've seen are not.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply