Comments on: SQL SERVER – Stored Procedure WITH ENCRYPTION and Execution Plan

By: Maffin

Maffin — Thu, 07 Feb 2013 15:51:53 +0000

Thank you Pinal, i like you blog. Your posts are so helpful and to the point.

By: Jens Johanneson

Jens Johanneson — Fri, 21 Dec 2012 11:49:31 +0000

and of course “We’ve moved away from decrypting sprocs.” should be We’ve moved away from ENCRYPTED sprocs.”

By: Jens Johanneson

Jens Johanneson — Fri, 21 Dec 2012 11:48:13 +0000

As pleitch already states – it is possible to decrypt sprocs. If you have a few you don’t need a special tool. Instead google “dac decrypt sprocs”.

A strong word of caution:
We’ve moved away from decrypting sprocs.

Search for “Now to the not so good sides” on:

http://blog.sqlauthority.com/2006/12/10/sql-server-find-stored-procedure-related-to-table-in-database-search-in-all-stored-procedure/

to understand why.

By: SQL SERVER – Beginning New Weekly Series – Memory Lane – #001 « SQL Server Journey with SQL Authority

Sat, 03 Nov 2012 01:31:06 +0000

[...] Stored Procedure WITH ENCRYPTION and Execution Plan If you have stored procedure and its code is encrypted when you execute it what will be displayed in the execution plan. There are two kinds of execution plans 1) Estimated and 2) Actual. It will be indeed interesting to know what is displayed in both the cases when Stored Procedure is encrypted. What is your guess? Now go ahead and click on here and figure out your answer. [...]

By: Nick

Nick — Fri, 26 Oct 2012 10:33:32 +0000

Well these stored procs in this example were created with a hash in the front of the name, therefore they are TEMP stored procs, just like temp tables. That’s why you can’s see them in the Stored Procedures list on the server

By: Rob Reid

Rob Reid — Fri, 22 Jun 2012 05:33:45 +0000

Try right clicking the Stored Procedures folder and select “Refresh”

By: pleitch

pleitch — Sun, 10 Jun 2012 17:33:16 +0000

Hi Vinay

You asked about decrypting “With Encryption” scripts. There’s a tool here that will do it but only if you are an admin on that SQL Server:

http://www.sqladmintools.com/decrypting-scripts.aspx

By: Sridhar

Sridhar — Wed, 11 Jan 2012 14:35:33 +0000

Hi,
Good example, But if i know the SP name(EncryptSP) . Use this name, I can able to modify the SP. So, What is the use of ENCRYPTION.

By: Rajat Jaiswal

Rajat Jaiswal — Thu, 10 Mar 2011 07:24:10 +0000

Hi,
I would like add one more question here how SQL server internally handle this ?
what are the performance constraint ?

although i found many articles that it is not safe enough it can easily be decrypted so is there any other way?

Thanks
Rajat

By: SQLNewbie

SQLNewbie — Wed, 05 May 2010 18:16:39 +0000

Where are these SPs stored? I created them in the AdventureWorks db and was able to run them, however when I looked in the AdventureWorks\Programmability\Stored Procedures directory, neither SP was there.

Also, what are your thoughts on creating an encrypted SP that queries encrypted data? Is this a good/bad way to keep the keys and certificate hidden?

Thanks for your help.

By: Vinay

Vinay — Fri, 09 Apr 2010 09:33:19 +0000

Hi,

I am having about 1000 store procedure and view.
Is there any way to generate store procedure and view objects encrypted script?

Thx in advance

Vinay K

By: Bala

Bala — Tue, 09 Mar 2010 06:03:53 +0000

Hi All,
There are decrypters available in Net to decrypt all our Encrypted SPs..So how to make our logic protected from those decrypters..we have to use our own encription algo (:’( ) or any loop holes are there ?? any idea?

By: Gajanan

Gajanan — Mon, 03 Nov 2008 11:15:59 +0000

Hi Pinal,

I would like to know the performance impact of using temp tables in stored procedures. I believe temp table cause SP recompilation.

I would like to why and when this causes the stored procudre to recompile? I would also like to know the improvement in SQL 2005.

Thank you.

By: Imran Mohammed

Imran Mohammed — Sun, 02 Nov 2008 16:53:13 +0000

Pinal,
Thanks for this Tip.

Worth noting is, this concept works only with SQL Server 2005. I tried doing this in SQL Server 2000. Even if you include With encryption in your stored proc, in SQL Server 2000 you will be able to see the execution plan. Since you did not mention this in your article I thought it will work in both.

@mdma

Main Idea behind using with encryption is to hide the SQL Code, not the execution plan. Like Pinal mentioned in his article, many business logics are written in stored procedures which companies do not want others to know. This is the case especially with COTS products.

In SQL Server 2005 SSMS ( Object explorer ), you can see a Lock symbol on stored procedure name indicating this stored procedure is encrypted.

Thanks,
Imran.

By: mdma

mdma — Sun, 02 Nov 2008 07:13:22 +0000

thanks for the info and for keeping your blog interesting for long time.

now what reason do i have to encrypt sp’s or better to say hide an execution plan?