Wednesday, March 21, 2012

Encrypting DECRYPTED Stored Procedure.....

Hi
At the moment i don't remember but some times back i found an stored procedure that can DECRYPT
all ENCRYPTED objects in sqlServer2000 ( i will try to put URL here) such as stored procedures,Triggers and even View(s).
Now i'm writing a very confidential StoredProcedure and i don't want to be hack in this way.
Is teher any way to prevent this.Has this Bug been fixed by any of Service Packs.?

Thanks in advance.
Kind Regards.

I think you can easily decrypt SQL encryptions because the SQL rand function is not really random this is not just SQL Server because there are infinite numbers between 6 and 13 but all SQL random functions Oracle and MySQL included can only give you whole numbers which makes it easy to be decrypted. And Microsoft tells you it is not deterministic and not to use it to encrypt anything of value.

That said if you don't want your stored proc decrypted go into the first link and download the free book from Microsoft with ready to use encryption code convert that to CLR stored proc so you know the content cannot be decrypted. The second link is a cleaned up version of the free code in Microsoft book, there are encoding problems with the original code. Hope this helps.

http://msdn2.microsoft.com/en-us/library/aa302415.aspx

http://www.obviex.com/Resources/Samples.aspx

No comments:

Post a Comment