Comments on: SQL SERVER – Explanation of WITH ENCRYPTION clause for Stored Procedure and User Defined Functions http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/ Notes of a SQL Server MVP and Database Administrator Sat, 21 Nov 2009 05:54:09 +0000 http://wordpress.com/ hourly 1 By: Giri http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-55892 Giri Tue, 15 Sep 2009 16:44:12 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-55892 how to protect table from viewing its data and columns in sql server 2005, we can encrypt SP's and UDF, what abt table, i read an article on this but its for data encryption in table, but i want to encrypt table columns itself, i want to restrict the user from seeing its design how to protect table from viewing its data and columns in sql server 2005, we can encrypt SP’s and UDF, what abt table, i read an article on this but its for data encryption in table, but i want to encrypt table columns itself, i want to restrict the user from seeing its design

]]> By: Elahi_Mohsen http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-47299 Elahi_Mohsen Tue, 24 Feb 2009 22:27:33 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-47299 Hai can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired. Hai
can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired.

]]> By: chaitu http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-44459 chaitu Mon, 01 Dec 2008 07:15:32 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-44459 Hai can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired. Hai
can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired.

]]> By: Matt http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-43244 Matt Thu, 25 Sep 2008 11:55:11 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-43244 Hi Vinay, Yes, Use the code provided above (copyright prevents redistribution so you'll need to sign up and download the code yourself): http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783. and wrap this up in a cursor or loop. You can even call this using xp_cmdshell 'SQLCMD...' via a batch file if you wanted to pass in other params (multiple db's, server\instance, etc). All the best, Matt. Hi Vinay,

Yes, Use the code provided above (copyright prevents redistribution so you’ll need to sign up and download the code yourself):

http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783.

and wrap this up in a cursor or loop. You can even call this using xp_cmdshell ‘SQLCMD…’ via a batch file if you wanted to pass in other params (multiple db’s, server\instance, etc).

All the best,

Matt.

]]> By: vinay http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-42766 vinay Sat, 13 Sep 2008 15:03:48 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-42766 Hi, Is there anyway of encrypting more than 10 stored procedures at a time????? Please suggest....... Thanks in Advance Hi,

Is there anyway of encrypting more than 10 stored procedures at a time?????

Please suggest…….

Thanks in Advance

]]> By: Abhilash http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-41436 Abhilash Thu, 07 Aug 2008 10:28:36 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-41436 Hello, There is a tool which can decrypt the encrypted stored procedure. Is there any way with which we can restrict decryption of stored procedures? In my situation the database would be in the client side and I would like to enrypt the Stored procedure. Please help. Thanks, Abhilash Hello,

There is a tool which can decrypt the encrypted stored procedure. Is there any way with which we can restrict decryption of stored procedures? In my situation the database would be in the client side and I would like to enrypt the Stored procedure. Please help.

Thanks,
Abhilash

]]> By: Mike Dimmick http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-38868 Mike Dimmick Thu, 29 May 2008 12:55:32 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-38868 In fact, due to a flaw in how SQL Server encrypts an altered procedure, decrypting the original procedure text is easy. SQL Server uses the RC4 cipher algorithm to encrypt the procedure text. This algorithm generates a stream of key data (called the keystream) from a starting key, then encrypts the plaintext by using the XOR operation. The beauty of the XOR operation is that to reverse it, you simply XOR the ciphertext with the keystream. Unfortunately, when you use ALTER PROCEDURE, SQL Server encrypts the new text using the same key as it did when encrypting the original text. This means it uses the same keystream. To recover the keystream when you know the ciphertext and the plaintext, you can simply XOR the ciphertext and plaintext together. You can then recover the original plaintext by XORing the recovered keystream with the original ciphertext. You can find copies of scripts that do this in numerous places, for example at http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783. I'm not sure how SQL Server decides what the encryption key should be - it may be as simple as deriving a key from the procedure's objectid. SQL Server 2005's documentation describes the result as 'obfuscated text' rather than 'encrypted'. In fact, due to a flaw in how SQL Server encrypts an altered procedure, decrypting the original procedure text is easy.

SQL Server uses the RC4 cipher algorithm to encrypt the procedure text. This algorithm generates a stream of key data (called the keystream) from a starting key, then encrypts the plaintext by using the XOR operation. The beauty of the XOR operation is that to reverse it, you simply XOR the ciphertext with the keystream.

Unfortunately, when you use ALTER PROCEDURE, SQL Server encrypts the new text using the same key as it did when encrypting the original text. This means it uses the same keystream. To recover the keystream when you know the ciphertext and the plaintext, you can simply XOR the ciphertext and plaintext together. You can then recover the original plaintext by XORing the recovered keystream with the original ciphertext.

You can find copies of scripts that do this in numerous places, for example at http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783.

I’m not sure how SQL Server decides what the encryption key should be – it may be as simple as deriving a key from the procedure’s objectid.

SQL Server 2005’s documentation describes the result as ‘obfuscated text’ rather than ‘encrypted’.

]]> By: EvilSoul http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14806 EvilSoul Fri, 05 Oct 2007 05:56:38 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14806 Well, in my opinion. Instead of encrypt ur stored with FULL and CLEAR code, you need have a "key unlock" column, and a "indexed filter" column. Use "key column" with random algorithms on "indexed filter column" when you do criteria thing. Remember "RANDOM". Problem IS: how to genarate Key Col and Indx Col? Depend your decide. Sorry about my bad English. Well, in my opinion. Instead of encrypt ur stored with FULL and CLEAR code, you need have a “key unlock” column, and a “indexed filter” column. Use “key column” with random algorithms on “indexed filter column” when you do criteria thing. Remember “RANDOM”.

Problem IS: how to genarate Key Col and Indx Col? Depend your decide.

Sorry about my bad English.

]]> By: pinaldave http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14646 pinaldave Wed, 03 Oct 2007 00:33:12 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14646 Hi EvilSoul, Please explain what you are suggesting. I am interesting to learn. Regards, Pinal Dave ( http://www.SQLAuthority.com ) Hi EvilSoul,

Please explain what you are suggesting. I am interesting to learn.

Regards,
Pinal Dave ( http://www.SQLAuthority.com )

]]> By: EvilSoul http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14626 EvilSoul Tue, 02 Oct 2007 15:04:31 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-14626 Answers 1) Use WITH ENCRYPTION while creating Stored Procedure or User Defined Function. 2) Sorry, unfortunately there is no simple way to decrypt the code. Hard way is too hard to even attempt. ------------------------------------------------ No2, I have a simple code for this, I'm not sure about Micro$oft Security. In fact, I've spend alot of money for this buG. Answers
1) Use WITH ENCRYPTION while creating Stored Procedure or User Defined Function.
2) Sorry, unfortunately there is no simple way to decrypt the code. Hard way is too hard to even attempt.

————————————————

No2, I have a simple code for this, I’m not sure about Micro$oft Security.

In fact, I’ve spend alot of money for this buG.

]]> By: Shobha http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-7005 Shobha Tue, 07 Aug 2007 11:33:47 +0000 http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/#comment-7005 Hi, I am working on SQL 2000 n 2005,Can you plz send me the major differences b/w them. And when will the cold fusion be applicable..Wat kind of scenarios Hi,
I am working on SQL 2000 n 2005,Can you plz send me the major differences b/w them. And when will the cold fusion be applicable..Wat kind of scenarios

]]>