Solved

encyps queries mssql

Posted on 2016-11-19
15
38 Views
Last Modified: 2016-11-20
hi how can we send an encrpted query so where we work on we don't leeave our "know-how"?  is there a way?  Thank you very much experts.
0
Comment
Question by:rayluvs
  • 7
  • 5
  • 3
15 Comments
 
LVL 24

Expert Comment

by:Pawan Kumar
ID: 41894185
can you explain more ?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894193
Is it about SQL script text files? If so, how should they get executed then?
Do you want to "protect" network transmission of SQL commands?

You cannot encrypt or obfuscate the executed SQL itself as running on the server - this one needs to be fully functional, and can always be retrieved by e.g. Profiler.
0
 
LVL 24

Expert Comment

by:Pawan Kumar
ID: 41894195
try this

WITH ENCRYPTION

CREATE PROCEDURE yourStoredProc
WITH ENCRYPTION
AS
BEGIN
	SELECT 'Pawan here !!'
END
GO

Open in new window

0
 

Author Comment

by:rayluvs
ID: 41894202
Yes, the SP works, but we are looking for a way to pass query scripts to clients MS Studio, run it and they don't understand what is being scripted (hope we are explaining ourselves).

Here is the situation:
We are working in a clients ms sql remotely.  However we don't want to let the show our scripts in their window (we found out that the connection is like a teanmviewer, so our work is viewable.... also we have no IP connection to SQL which would made the SP 'WITH ENCRYPTION' perfect).

For example, we connect to clients sql ms server and want to run the query 'select * from table'.  Is there a way we can send the script encrypted and run? (we know this is a very strange question, but please bear with us; we are also looking at our end on how to this)
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894205
You would need to use a procedure on your side to "encrypt" the SQL, then send over or type the encrypted command as parameter to a decryption SP decoding and executing it. The decoder can be encrypted, as shown above, so that should be safe enough.
A very simple "encryption" would be hex ASCII.
0
 

Author Comment

by:rayluvs
ID: 41894227
Makes sense and we are trying to figure out, but how do we  "encrypt the SQL" at our end and then  "send over or type the encrypted command as parameter to a decryption SP decoding and executing it" ?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894242
You can e.g. run a local SQL Server with the corresponding encoder procedure, which you call; say: exec sp_sqlencode 'select * from tbl'    which outputs   72af3b9af102. You then copy that result and paste it in the remote SSMS query window as exec sp_cachedexec '72af3b9af102'. The stored procedure then reverts the encryption, constructing the original SQL, then executes it.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:rayluvs
ID: 41894289
Thanx!!! Will try!
0
 

Author Comment

by:rayluvs
ID: 41894294
Ran it gave 'Could not find stored procedure 'sp_sqlencode'...   by any chance, do we have to create some SP code?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894303
Of course! Those procedures were made up by me for demonstration, to show how it could work with some more effort. If you think you could work this way, we can write simple procedures. I assume you do not want to have something more sophisticated - the encryption could e.g. use the current hour to make the code runnable only for the same hour, and much more. But such stuff should only be used if absolutely necessary.
0
 

Author Comment

by:rayluvs
ID: 41894390
Oh ok, we thought they actually were system-sp (sorry).  

Just FYI, we don't want no security stuff like nasa, we just want to create our querys locally and when copying them over, they are not understandable to the viewer seeing our work, yet when executed, it gives the correct result.

Something like your example with exec sp_sqlencode 'select * from tbl'   (locally) and running on the client site exec sp_cachedexec '72af3b9af102' (remotely) seems good.

Can you provide the code?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 300 total points
ID: 41895152
Here a simple test case:
create function sp_sqlencode(@sql as varchar(max)) returns varbinary(max) as
begin
  return cast(@sql as varbinary(max))
end
go

create procedure sp_cachedexec(@str as varchar(max)) with encryption as
begin
  set @str = convert(varbinary(max), @str, 2)
  exec(@str)
end
go

select dbo.sp_sqlencode('select * from tbl where fld1 = ''CheckThis''')
-- above returns: 0x73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327
exec dbo.sp_cachedexec '73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327'

Open in new window

Of course you would have to create and execute one half on your site, the other half remotely, and it should be obvious which one were ;-).
Note that you have to enclose string literals inside the SQL in two single quotes instead of one, as the whole SQL is a string itself.
0
 

Author Comment

by:rayluvs
ID: 41895243
Ok, so we create the function, the SP.

To run a specific query, use the function.  
Then to run the encrypted result, use the SP.

That's correct? Are we missing anything?
0
 
LVL 24

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 200 total points
ID: 41895244
Functions are used for some other purpose. Eg. Remove extra characters from a columns value ..
If you want to join dataSet with some other result set. You can use functions in select clause, etc.

Otherwise always use stored procedures. Simple/Encrypted anyone. <<nopts>>
0
 

Author Comment

by:rayluvs
ID: 41895247
Thanx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SQL Server engine let you use a Windows account or a SQL Server account to connect to a SQL Server instance. This can be configured immediatly during the SQL Server installation or after in the Server Authentication section in the Server properties …
This article describes how to use the timestamp of existing data in a database to allow Tableau to calculate the prior work day instead of relying on case statements or if statements to calculate the days of the week.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now