none
How to encrypt and decrypt stored procedures?

    Question

  • I encrypt my procedures using with encryption clause, but I do not how to decrypt again.   

    Is there a command or utility for encrypt and decrypt in Sql 2000? How about Sql 2005?

    Thanks

    Haydee

    Sunday, May 07, 2006 9:31 PM

Answers

All replies

  • Decryption is weak and can be cracked by searching on google for the specific algorithms, there was a thread sometime ago, which might be useful to you:

    http://groups.google.de/group/comp.databases.ms-sqlserver/browse_frm/thread/34b309b76ba574b4

    HTH, Jens Suessmeyer.

    ---
    http://www.sqlserver2005.de
    ---

    Monday, May 08, 2006 10:06 AM
  • Jens is right, the procedure encryption is actually referred to as obfuscation in Books Online. Also, there is no SQL Server command for decrypting it back.

    Thanks
    Laurentiu

    Monday, May 08, 2006 6:01 PM
  • Thanks for your comments

    and is there a tool in Sql Server 2005 in order to protect the code? What can I do?  I need to install a project in the customer, and I would like to protect it.

    Thanks again for your help.

    Haydee

    Tuesday, May 09, 2006 12:42 AM
  • You could use third party components to accomplish this, there sure can be found some by searching in google for them.

    HTH, Jens Suessmeyer.

    ---
    http://www.sqlserver2005.de
    ---
    Tuesday, May 09, 2006 5:59 AM
  •  

    HI,

     

    I am using MSDE 2000 and I will be deploying it with my software application.  I have invested a good bit into my database schema and I don't want it to be viewed by others.

    I can not see why some user can not take the .mdf (multiple mdf's actually) and sp_AttachDB or attach them to their instanced SQL server using EM.  I of course do not want this.

    Maybe someone can clear up the limitations and types of SQL security that can assure no one can simply attach the MDF to see the structure, let alone the data.

    As far as I can see there is Network security as to authentication for a live/instanced SQL server and this has no ability to prevent an MDF from being re-attached and viewed/queried.

    I also see EncryptByPassPhrase which I can use prior to executing a query (if I understand this process which is data remains in encrypted state until its about to be used, then decrypted in memory (I presume ? otherwise someone could grab a snapshot of the mdf while it's in decrypted state ?  {or SQL server has a temp region when using encryption where it places the decrypted data I take it}) and then I have to encrypt it again after processing.

    Neither of these look like they can obfuscate or lock the db schema information, such as table names, structures, fields, field types/attributes etc.

    Sooooooo.....

    How can I prevent a user from seeing the underlying table structures and does anyone know if column encryption will cost me 10 years off my life time wise on large data sets ?

    Thanks

    Tuesday, May 09, 2006 2:30 PM
  • See this recent thread for a discussion of this topic:

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=371562&SiteID=1

    Thanks
    Laurentiu

    Tuesday, May 09, 2006 7:01 PM
  • The only feature for protecting code in SQL Server is the WITH ENCRYPTION clause that we discussed so far. It is weak not necessarily because the encryption is weak (it uses RC4), but because the encryption key can be easily found. An attacker will focus on finding the encryption key rather than breaking the encryption algorithm in such a solution. This is a general problem and for any solution you consider, you should look at how easy it is for someone to find the encryption key.

    This is basically a DRM solution, and I have talked about the difficulty of creating an unbreakable DRM solution on other threads, more recently in:

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=371562&SiteID=1

    Thanks
    Laurentiu

    Tuesday, May 09, 2006 7:21 PM
  • How to protect SQL script, and can not be decrypt via AzSQL Decryptor ?

    I downloaded the SQLDecryptor from http://www.azsql.com, found it very easy to see all the code.

    Thank you.
    Friday, October 10, 2008 3:31 AM