Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

encyps queries mssql

Posted on 2016-11-19
15
Medium Priority
?
48 Views
Last Modified: 2016-11-20
hi how can we send an encrpted query so where we work on we don't leeave our "know-how"?  is there a way?  Thank you very much experts.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
15 Comments
 
LVL 30

Expert Comment

by:Pawan Kumar
ID: 41894185
can you explain more ?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41894193
Is it about SQL script text files? If so, how should they get executed then?
Do you want to "protect" network transmission of SQL commands?

You cannot encrypt or obfuscate the executed SQL itself as running on the server - this one needs to be fully functional, and can always be retrieved by e.g. Profiler.
0
 
LVL 30

Expert Comment

by:Pawan Kumar
ID: 41894195
try this

WITH ENCRYPTION

CREATE PROCEDURE yourStoredProc
WITH ENCRYPTION
AS
BEGIN
	SELECT 'Pawan here !!'
END
GO

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:rayluvs
ID: 41894202
Yes, the SP works, but we are looking for a way to pass query scripts to clients MS Studio, run it and they don't understand what is being scripted (hope we are explaining ourselves).

Here is the situation:
We are working in a clients ms sql remotely.  However we don't want to let the show our scripts in their window (we found out that the connection is like a teanmviewer, so our work is viewable.... also we have no IP connection to SQL which would made the SP 'WITH ENCRYPTION' perfect).

For example, we connect to clients sql ms server and want to run the query 'select * from table'.  Is there a way we can send the script encrypted and run? (we know this is a very strange question, but please bear with us; we are also looking at our end on how to this)
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41894205
You would need to use a procedure on your side to "encrypt" the SQL, then send over or type the encrypted command as parameter to a decryption SP decoding and executing it. The decoder can be encrypted, as shown above, so that should be safe enough.
A very simple "encryption" would be hex ASCII.
0
 

Author Comment

by:rayluvs
ID: 41894227
Makes sense and we are trying to figure out, but how do we  "encrypt the SQL" at our end and then  "send over or type the encrypted command as parameter to a decryption SP decoding and executing it" ?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41894242
You can e.g. run a local SQL Server with the corresponding encoder procedure, which you call; say: exec sp_sqlencode 'select * from tbl'    which outputs   72af3b9af102. You then copy that result and paste it in the remote SSMS query window as exec sp_cachedexec '72af3b9af102'. The stored procedure then reverts the encryption, constructing the original SQL, then executes it.
0
 

Author Comment

by:rayluvs
ID: 41894289
Thanx!!! Will try!
0
 

Author Comment

by:rayluvs
ID: 41894294
Ran it gave 'Could not find stored procedure 'sp_sqlencode'...   by any chance, do we have to create some SP code?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41894303
Of course! Those procedures were made up by me for demonstration, to show how it could work with some more effort. If you think you could work this way, we can write simple procedures. I assume you do not want to have something more sophisticated - the encryption could e.g. use the current hour to make the code runnable only for the same hour, and much more. But such stuff should only be used if absolutely necessary.
0
 

Author Comment

by:rayluvs
ID: 41894390
Oh ok, we thought they actually were system-sp (sorry).  

Just FYI, we don't want no security stuff like nasa, we just want to create our querys locally and when copying them over, they are not understandable to the viewer seeing our work, yet when executed, it gives the correct result.

Something like your example with exec sp_sqlencode 'select * from tbl'   (locally) and running on the client site exec sp_cachedexec '72af3b9af102' (remotely) seems good.

Can you provide the code?
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1200 total points
ID: 41895152
Here a simple test case:
create function sp_sqlencode(@sql as varchar(max)) returns varbinary(max) as
begin
  return cast(@sql as varbinary(max))
end
go

create procedure sp_cachedexec(@str as varchar(max)) with encryption as
begin
  set @str = convert(varbinary(max), @str, 2)
  exec(@str)
end
go

select dbo.sp_sqlencode('select * from tbl where fld1 = ''CheckThis''')
-- above returns: 0x73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327
exec dbo.sp_cachedexec '73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327'

Open in new window

Of course you would have to create and execute one half on your site, the other half remotely, and it should be obvious which one were ;-).
Note that you have to enclose string literals inside the SQL in two single quotes instead of one, as the whole SQL is a string itself.
0
 

Author Comment

by:rayluvs
ID: 41895243
Ok, so we create the function, the SP.

To run a specific query, use the function.  
Then to run the encrypted result, use the SP.

That's correct? Are we missing anything?
0
 
LVL 30

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 800 total points
ID: 41895244
Functions are used for some other purpose. Eg. Remove extra characters from a columns value ..
If you want to join dataSet with some other result set. You can use functions in select clause, etc.

Otherwise always use stored procedures. Simple/Encrypted anyone. <<nopts>>
0
 

Author Comment

by:rayluvs
ID: 41895247
Thanx
0

Featured Post

PowerShell Core for Advanced Linux Administrators

Understand advanced principals around Powershell Core with a focus on the Linux Administrator.  This course covers how to administer numerous environments across multiple platforms including Linux, Azure, AWS, and Google Cloud from a single shell instance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Composite queries are used to retrieve the results from joining multiple queries after applying any filters. UNION, INTERSECT, MINUS, and UNION ALL are some of the operators used to get certain desired results.​
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question