Comments on: SQL SERVER – Explanation of WITH ENCRYPTION clause for Stored Procedure and User Defined Functions

By: Rukhsar Ahmad

Rukhsar Ahmad — Fri, 18 Nov 2011 07:22:21 +0000

no need to reply..i have created my own utilities for script creation using SMO programming

By: Rukhsar Ahmad

Rukhsar Ahmad — Wed, 16 Nov 2011 04:04:58 +0000

is there any tool for sp encryption??

By: Rukhsar Ahmad

Rukhsar Ahmad — Wed, 16 Nov 2011 03:59:36 +0000

is there any to get the SP main query part only…for example

create proc getinfo
(
@id int
) select *from infotable where id=@id

we can the sp parametres and data type with help of sys tables…but how i can get the sp main script part i.e. select *from infotable where id=@id only???

By: optillect

optillect — Thu, 23 Jun 2011 21:40:20 +0000

@Naga, does SQL Decryptor Freeware meet your needs?

By: naji

naji — Sun, 15 May 2011 18:44:04 +0000

I have onlin exam how i do encrypt /decrypt database files or tables like ( question , answer . and result …etc) please can you explenation me step by step

thanks

By: naga

naga — Mon, 04 Apr 2011 08:20:45 +0000

i was working on SQL SERVER DBA

i faced one problem from ENCRYPTED STORED PROCEDURES

HOW TO RETRIEVE AND HOW TO READ THE ENCRYPTED STORED PROCEDURE FROM SQL DATABASE

THANK U

By: Optillect Team

Optillect Team — Sun, 31 Oct 2010 10:25:54 +0000

Well, it’s pretty easy. Run Optillect SQL Decryptor Freeware, decrypt a stored procedure you need, and copy the DDL script. Then run Microsoft SQL Server Management Studio, create new SQL editor with the same connection, paste the DDL script from the clipboard. Now remove “WITH ENCRYPTION” option, replace “CREATE” keyword with “ALTER” and execute the script. Thus you’ll get your stored procedure stored with no ecryption.
Unfortunately, SQL Decryptor v1.1 cannot do it automatically at the moment, but we are planning to support this feature in the next release.

By: Narendra Thakur, Karsog, Himachal Pradesh

Narendra Thakur, Karsog, Himachal Pradesh — Sat, 23 Oct 2010 07:08:21 +0000

Dear Sir,

I have my StoredProcedure encrypted using “WITH ENCRYPTION”.
Now how can I make changes in this stored procedure.

Reply Soon!!!

Regards,

NarendraThakur

By: Optillect Team

Optillect Team — Sun, 12 Sep 2010 21:59:36 +0000

Hello guys,
We strongly recommend NOT to use WITH ENCRYPTION option, because as easy to encrypt, as easy to decrypt. Unfortunatelly, SQL Server uses database’s GUID and object’s ID as a key for deprecated RC4, and then simple byte-wise XOR. We hope Microsoft SQL Server’s team will eliminate this flaw or just desist support this option. As a solution we provide our FREEWARE named SQL Decryptor. Check it out on our web-site.

By: hingman

hingman — Wed, 25 Aug 2010 06:42:41 +0000

I recently encountered the same problem.
Finally, I was using AzSQL Decryptor to view.

Good luck.

By: deepak Kumar

deepak Kumar — Fri, 06 Aug 2010 06:18:00 +0000

how can i decrypt view in sql server 2008

By: Kelkar

Kelkar — Mon, 26 Apr 2010 10:24:42 +0000

Hi Pinal Dave,
I understand the risk of Encrypting the sp’s, but As i am experiencing the security risk of my database as it can be easily copied to other system and get attached to another instance, I feel need of encryption. Even creating the user won’t help in these conditions.
Though i am new to MS SQL, I strongly fee that MS should incorporate the user specific database files for strong security of the database.

By: Vishal Ahir

Vishal Ahir — Wed, 10 Mar 2010 09:37:16 +0000

Hi Pinal Dave,
If i create one encrypted SP then please tale me how to give permission to selected login user like sa or other user which i created

By: Bab

Bab — Thu, 21 Jan 2010 04:33:33 +0000

Hi Pinal,

Only privileged users who can access system tables over the DAC port or directly access database files as well as can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime.

Is that mean administrator can view the decrypted procedure? Is there any way to hide or prevent from retrieving the decryted script from the administrator?

I also read on some articles that there are some softwares to decrypt the encrypted SQL scripts. Can we prevent such softwares from decrypting the encrypted SQL scripts?

By: Bhavesh

Bhavesh — Wed, 13 Jan 2010 13:16:59 +0000

Hi,
How do we encrypt multiple stored procedures in one go? (Surely, keeping source copy in another database )

By: Pinal Dave

Pinal Dave — Thu, 07 Jan 2010 18:01:26 +0000

Hello Krishna,

In user database set the user’s property to remove the View Definition permision on selected or all stored procedures. You can also remove the Execute permission on stored procedures. For this go to database > Security > Users > right click a user > Properties > Securables > here add object and set the permissions on that object.

Regards,
Pinal Dave

By: krishna

krishna — Thu, 07 Jan 2010 08:04:00 +0000

please tel me how to hide the created storde procedurs from user

By: Devarajan

Devarajan — Fri, 04 Dec 2009 10:31:16 +0000

Hi Giri,

Did you get any solution for encrypting table structures (not table data)? Please forward me here.

Thanks in Advance.

By: Giri

Giri — Tue, 15 Sep 2009 16:44:12 +0000

how to protect table from viewing its data and columns in sql server 2005, we can encrypt SP’s and UDF, what abt table, i read an article on this but its for data encryption in table, but i want to encrypt table columns itself, i want to restrict the user from seeing its design

By: Elahi_Mohsen

Elahi_Mohsen — Tue, 24 Feb 2009 22:27:33 +0000

Hai
can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired.

By: chaitu

chaitu — Mon, 01 Dec 2008 07:15:32 +0000

Hai
can anyone tell me how to create a stored procedure with an encryption and password to decrypt it back again when ever requrired.

By: Matt

Matt — Thu, 25 Sep 2008 11:55:11 +0000

Hi Vinay,

Yes, Use the code provided above (copyright prevents redistribution so you’ll need to sign up and download the code yourself):

http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783.

and wrap this up in a cursor or loop. You can even call this using xp_cmdshell ‘SQLCMD…’ via a batch file if you wanted to pass in other params (multiple db’s, server\instance, etc).

All the best,

Matt.

By: vinay

vinay — Sat, 13 Sep 2008 15:03:48 +0000

Hi,

Is there anyway of encrypting more than 10 stored procedures at a time?????

Please suggest…….

Thanks in Advance

By: Abhilash

Abhilash — Thu, 07 Aug 2008 10:28:36 +0000

Hello,

There is a tool which can decrypt the encrypted stored procedure. Is there any way with which we can restrict decryption of stored procedures? In my situation the database would be in the client side and I would like to enrypt the Stored procedure. Please help.

Thanks,
Abhilash

By: Mike Dimmick

Mike Dimmick — Thu, 29 May 2008 12:55:32 +0000

In fact, due to a flaw in how SQL Server encrypts an altered procedure, decrypting the original procedure text is easy.

SQL Server uses the RC4 cipher algorithm to encrypt the procedure text. This algorithm generates a stream of key data (called the keystream) from a starting key, then encrypts the plaintext by using the XOR operation. The beauty of the XOR operation is that to reverse it, you simply XOR the ciphertext with the keystream.

Unfortunately, when you use ALTER PROCEDURE, SQL Server encrypts the new text using the same key as it did when encrypting the original text. This means it uses the same keystream. To recover the keystream when you know the ciphertext and the plaintext, you can simply XOR the ciphertext and plaintext together. You can then recover the original plaintext by XORing the recovered keystream with the original ciphertext.

You can find copies of scripts that do this in numerous places, for example at http://education.sqlfarms.com/education/ShowPost.aspx?PostID=783.

I’m not sure how SQL Server decides what the encryption key should be – it may be as simple as deriving a key from the procedure’s objectid.

SQL Server 2005′s documentation describes the result as ‘obfuscated text’ rather than ‘encrypted’.