• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 56
  • Last Modified:

encyps queries mssql

hi how can we send an encrpted query so where we work on we don't leeave our "know-how"?  is there a way?  Thank you very much experts.
0
rayluvs
Asked:
rayluvs
  • 7
  • 5
  • 3
2 Solutions
 
Pawan KumarDatabase ExpertCommented:
can you explain more ?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Is it about SQL script text files? If so, how should they get executed then?
Do you want to "protect" network transmission of SQL commands?

You cannot encrypt or obfuscate the executed SQL itself as running on the server - this one needs to be fully functional, and can always be retrieved by e.g. Profiler.
0
 
Pawan KumarDatabase ExpertCommented:
try this

WITH ENCRYPTION

CREATE PROCEDURE yourStoredProc
WITH ENCRYPTION
AS
BEGIN
	SELECT 'Pawan here !!'
END
GO

Open in new window

0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
rayluvsAuthor Commented:
Yes, the SP works, but we are looking for a way to pass query scripts to clients MS Studio, run it and they don't understand what is being scripted (hope we are explaining ourselves).

Here is the situation:
We are working in a clients ms sql remotely.  However we don't want to let the show our scripts in their window (we found out that the connection is like a teanmviewer, so our work is viewable.... also we have no IP connection to SQL which would made the SP 'WITH ENCRYPTION' perfect).

For example, we connect to clients sql ms server and want to run the query 'select * from table'.  Is there a way we can send the script encrypted and run? (we know this is a very strange question, but please bear with us; we are also looking at our end on how to this)
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
You would need to use a procedure on your side to "encrypt" the SQL, then send over or type the encrypted command as parameter to a decryption SP decoding and executing it. The decoder can be encrypted, as shown above, so that should be safe enough.
A very simple "encryption" would be hex ASCII.
0
 
rayluvsAuthor Commented:
Makes sense and we are trying to figure out, but how do we  "encrypt the SQL" at our end and then  "send over or type the encrypted command as parameter to a decryption SP decoding and executing it" ?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
You can e.g. run a local SQL Server with the corresponding encoder procedure, which you call; say: exec sp_sqlencode 'select * from tbl'    which outputs   72af3b9af102. You then copy that result and paste it in the remote SSMS query window as exec sp_cachedexec '72af3b9af102'. The stored procedure then reverts the encryption, constructing the original SQL, then executes it.
0
 
rayluvsAuthor Commented:
Thanx!!! Will try!
0
 
rayluvsAuthor Commented:
Ran it gave 'Could not find stored procedure 'sp_sqlencode'...   by any chance, do we have to create some SP code?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Of course! Those procedures were made up by me for demonstration, to show how it could work with some more effort. If you think you could work this way, we can write simple procedures. I assume you do not want to have something more sophisticated - the encryption could e.g. use the current hour to make the code runnable only for the same hour, and much more. But such stuff should only be used if absolutely necessary.
0
 
rayluvsAuthor Commented:
Oh ok, we thought they actually were system-sp (sorry).  

Just FYI, we don't want no security stuff like nasa, we just want to create our querys locally and when copying them over, they are not understandable to the viewer seeing our work, yet when executed, it gives the correct result.

Something like your example with exec sp_sqlencode 'select * from tbl'   (locally) and running on the client site exec sp_cachedexec '72af3b9af102' (remotely) seems good.

Can you provide the code?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Here a simple test case:
create function sp_sqlencode(@sql as varchar(max)) returns varbinary(max) as
begin
  return cast(@sql as varbinary(max))
end
go

create procedure sp_cachedexec(@str as varchar(max)) with encryption as
begin
  set @str = convert(varbinary(max), @str, 2)
  exec(@str)
end
go

select dbo.sp_sqlencode('select * from tbl where fld1 = ''CheckThis''')
-- above returns: 0x73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327
exec dbo.sp_cachedexec '73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327'

Open in new window

Of course you would have to create and execute one half on your site, the other half remotely, and it should be obvious which one were ;-).
Note that you have to enclose string literals inside the SQL in two single quotes instead of one, as the whole SQL is a string itself.
0
 
rayluvsAuthor Commented:
Ok, so we create the function, the SP.

To run a specific query, use the function.  
Then to run the encrypted result, use the SP.

That's correct? Are we missing anything?
0
 
Pawan KumarDatabase ExpertCommented:
Functions are used for some other purpose. Eg. Remove extra characters from a columns value ..
If you want to join dataSet with some other result set. You can use functions in select clause, etc.

Otherwise always use stored procedures. Simple/Encrypted anyone. <<nopts>>
0
 
rayluvsAuthor Commented:
Thanx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 7
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now