May 15, 2008 at 3:24 pm
If I've created a procedure with encryption, can anyone anyhow decrypt this procedure?
..>>..
MobashA
May 16, 2008 at 1:23 am
Yes. Very easily. It's not actually encryption, despite the name. It's kinda hashed and hidden.
There are a number of tools on the net to decrypt procs. A quick Google search should get you a few.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 16, 2008 at 5:57 am
I hate these mouse and cat games. Is there any way to do this without anyone decrypting this procedure?
..>>..
MobashA
May 16, 2008 at 7:57 am
Bear in mind that the encryption can't be irreversible. The SQL engine has to be able to decrypt the procedures in order to run them.
2005's better than 2000 was. In 2000, Profiler would show you the text of encrypted procs. In 2005 it doesn't anymore.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 16, 2008 at 1:43 pm
I've come across a couple sps that the procs on the net couldn't decrypt, but I haven't figured out what the key is yet.
But in general, no, they can always be decrypted.
Watch my free SQL Server Tutorials at:
http://MidnightDBA.com
Blog Author of:
DBA Rant – http://www.MidnightDBA.com/DBARant
May 17, 2008 at 3:33 am
I have found one online, but it requires connecting using DAC.
I need to check more, but is there any difference between DAC and a normal connection in terms of things I can do or see? I thought DAC is a way to connect when no one can; it's not about actions a user can do.
..>>..
MobashA
May 17, 2008 at 9:14 am
In SQL Server 2000, anyone with sysadmin rights can decrypt an encrypted stored procedure at any time. Depending on the length, someone with db_ddladmin could pull it off, too, with the appropriate script from shoeboy.
In SQL Server 2005 you have to come through the DAC. So if the DAC is locked down to local, only via a local login would someone be able to decrypt any stored procedures encrypted in this manner. And as another poster pointed out, an encrypted stored procedure is something SQL Server has to be able to decrypt. So at some point the stored procedure will exist in memory in its unencrypted form. So technically with a debugger someone could get at the stored procedure. It's a lot more difficult, but it is still possible. So if you're looking for 100% no, no one can reverse engineer your stored procedure, you can't get that.
And it is encryption, albeit with a symmetric algorithm.
K. Brian Kelley
@kbriankelley
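An added example, not part of any post in this thread: a T-SQL audit for SQL Server 2005 or later that shows which modules rely on WITH ENCRYPTION and who is in a position to recover their text, following the point above that recovery goes through the DAC. It uses only built-in catalog views, and it includes the sysadmin role because DAC connections require sysadmin membership.

```sql
-- Added example (not from the thread): exposure audit for WITH ENCRYPTION modules.
-- Run steps 1 in each user database; steps 2 and 3 are instance-wide.

-- 1. Modules created WITH ENCRYPTION in the current database.
--    These are the objects whose source is only obfuscated, not secret.
SELECT s.name AS schema_name,
       o.name AS object_name,
       o.type_desc,
       o.modify_date
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE OBJECTPROPERTY(o.object_id, 'IsEncrypted') = 1
ORDER BY s.name, o.name;

-- 2. Is the DAC reachable from other machines?
--    value_in_use = 0: DAC accepts local connections only.
--    value_in_use = 1: DAC also accepts remote connections.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'remote admin connections';

-- 3. Logins that can open a DAC session at all (sysadmin members).
--    Every enabled login here can reach the module text via the DAC.
SELECT p.name       AS login_name,
       p.type_desc  AS login_type,
       p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY p.name;

-- 4. Restrict the DAC to local connections if step 2 returned 1.
EXEC sp_configure 'remote admin connections', 0;
RECONFIGURE;
```

Restricting the DAC and trimming sysadmin membership narrows who can recover the text; it does not make the procedure unrecoverable, for the reasons given in the posts above.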