Solved

encyps queries mssql

Posted on 2016-11-19
15
44 Views
Last Modified: 2016-11-20
hi how can we send an encrpted query so where we work on we don't leeave our "know-how"?  is there a way?  Thank you very much experts.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
15 Comments
 
LVL 29

Expert Comment

by:Pawan Kumar
ID: 41894185
can you explain more ?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41894193
Is it about SQL script text files? If so, how should they get executed then?
Do you want to "protect" network transmission of SQL commands?

You cannot encrypt or obfuscate the executed SQL itself as running on the server - this one needs to be fully functional, and can always be retrieved by e.g. Profiler.
0
 
LVL 29

Expert Comment

by:Pawan Kumar
ID: 41894195
try this

WITH ENCRYPTION

CREATE PROCEDURE yourStoredProc
WITH ENCRYPTION
AS
BEGIN
	SELECT 'Pawan here !!'
END
GO

Open in new window

0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:rayluvs
ID: 41894202
Yes, the SP works, but we are looking for a way to pass query scripts to clients MS Studio, run it and they don't understand what is being scripted (hope we are explaining ourselves).

Here is the situation:
We are working in a clients ms sql remotely.  However we don't want to let the show our scripts in their window (we found out that the connection is like a teanmviewer, so our work is viewable.... also we have no IP connection to SQL which would made the SP 'WITH ENCRYPTION' perfect).

For example, we connect to clients sql ms server and want to run the query 'select * from table'.  Is there a way we can send the script encrypted and run? (we know this is a very strange question, but please bear with us; we are also looking at our end on how to this)
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41894205
You would need to use a procedure on your side to "encrypt" the SQL, then send over or type the encrypted command as parameter to a decryption SP decoding and executing it. The decoder can be encrypted, as shown above, so that should be safe enough.
A very simple "encryption" would be hex ASCII.
0
 

Author Comment

by:rayluvs
ID: 41894227
Makes sense and we are trying to figure out, but how do we  "encrypt the SQL" at our end and then  "send over or type the encrypted command as parameter to a decryption SP decoding and executing it" ?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41894242
You can e.g. run a local SQL Server with the corresponding encoder procedure, which you call; say: exec sp_sqlencode 'select * from tbl'    which outputs   72af3b9af102. You then copy that result and paste it in the remote SSMS query window as exec sp_cachedexec '72af3b9af102'. The stored procedure then reverts the encryption, constructing the original SQL, then executes it.
0
 

Author Comment

by:rayluvs
ID: 41894289
Thanx!!! Will try!
0
 

Author Comment

by:rayluvs
ID: 41894294
Ran it gave 'Could not find stored procedure 'sp_sqlencode'...   by any chance, do we have to create some SP code?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41894303
Of course! Those procedures were made up by me for demonstration, to show how it could work with some more effort. If you think you could work this way, we can write simple procedures. I assume you do not want to have something more sophisticated - the encryption could e.g. use the current hour to make the code runnable only for the same hour, and much more. But such stuff should only be used if absolutely necessary.
0
 

Author Comment

by:rayluvs
ID: 41894390
Oh ok, we thought they actually were system-sp (sorry).  

Just FYI, we don't want no security stuff like nasa, we just want to create our querys locally and when copying them over, they are not understandable to the viewer seeing our work, yet when executed, it gives the correct result.

Something like your example with exec sp_sqlencode 'select * from tbl'   (locally) and running on the client site exec sp_cachedexec '72af3b9af102' (remotely) seems good.

Can you provide the code?
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 300 total points
ID: 41895152
Here a simple test case:
create function sp_sqlencode(@sql as varchar(max)) returns varbinary(max) as
begin
  return cast(@sql as varbinary(max))
end
go

create procedure sp_cachedexec(@str as varchar(max)) with encryption as
begin
  set @str = convert(varbinary(max), @str, 2)
  exec(@str)
end
go

select dbo.sp_sqlencode('select * from tbl where fld1 = ''CheckThis''')
-- above returns: 0x73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327
exec dbo.sp_cachedexec '73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327'

Open in new window

Of course you would have to create and execute one half on your site, the other half remotely, and it should be obvious which one were ;-).
Note that you have to enclose string literals inside the SQL in two single quotes instead of one, as the whole SQL is a string itself.
0
 

Author Comment

by:rayluvs
ID: 41895243
Ok, so we create the function, the SP.

To run a specific query, use the function.  
Then to run the encrypted result, use the SP.

That's correct? Are we missing anything?
0
 
LVL 29

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 200 total points
ID: 41895244
Functions are used for some other purpose. Eg. Remove extra characters from a columns value ..
If you want to join dataSet with some other result set. You can use functions in select clause, etc.

Otherwise always use stored procedures. Simple/Encrypted anyone. <<nopts>>
0
 

Author Comment

by:rayluvs
ID: 41895247
Thanx
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you find yourself in this situation “I have used SELECT DISTINCT but I’m getting duplicates” then I'm sorry to say you are using the wrong SQL technique as it only does one thing which is: produces whole rows that are unique. If the results you a…
Composite queries are used to retrieve the results from joining multiple queries after applying any filters. UNION, INTERSECT, MINUS, and UNION ALL are some of the operators used to get certain desired results.​
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question