Solved

encyps queries mssql

Posted on 2016-11-19
15
27 Views
Last Modified: 2016-11-20
hi how can we send an encrpted query so where we work on we don't leeave our "know-how"?  is there a way?  Thank you very much experts.
0
Comment
Question by:rayluvs
  • 7
  • 5
  • 3
15 Comments
 
LVL 18

Expert Comment

by:Pawan Kumar Khowal
ID: 41894185
can you explain more ?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894193
Is it about SQL script text files? If so, how should they get executed then?
Do you want to "protect" network transmission of SQL commands?

You cannot encrypt or obfuscate the executed SQL itself as running on the server - this one needs to be fully functional, and can always be retrieved by e.g. Profiler.
0
 
LVL 18

Expert Comment

by:Pawan Kumar Khowal
ID: 41894195
try this

WITH ENCRYPTION

CREATE PROCEDURE yourStoredProc
WITH ENCRYPTION
AS
BEGIN
	SELECT 'Pawan here !!'
END
GO

Open in new window

0
 

Author Comment

by:rayluvs
ID: 41894202
Yes, the SP works, but we are looking for a way to pass query scripts to clients MS Studio, run it and they don't understand what is being scripted (hope we are explaining ourselves).

Here is the situation:
We are working in a clients ms sql remotely.  However we don't want to let the show our scripts in their window (we found out that the connection is like a teanmviewer, so our work is viewable.... also we have no IP connection to SQL which would made the SP 'WITH ENCRYPTION' perfect).

For example, we connect to clients sql ms server and want to run the query 'select * from table'.  Is there a way we can send the script encrypted and run? (we know this is a very strange question, but please bear with us; we are also looking at our end on how to this)
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894205
You would need to use a procedure on your side to "encrypt" the SQL, then send over or type the encrypted command as parameter to a decryption SP decoding and executing it. The decoder can be encrypted, as shown above, so that should be safe enough.
A very simple "encryption" would be hex ASCII.
0
 

Author Comment

by:rayluvs
ID: 41894227
Makes sense and we are trying to figure out, but how do we  "encrypt the SQL" at our end and then  "send over or type the encrypted command as parameter to a decryption SP decoding and executing it" ?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894242
You can e.g. run a local SQL Server with the corresponding encoder procedure, which you call; say: exec sp_sqlencode 'select * from tbl'    which outputs   72af3b9af102. You then copy that result and paste it in the remote SSMS query window as exec sp_cachedexec '72af3b9af102'. The stored procedure then reverts the encryption, constructing the original SQL, then executes it.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:rayluvs
ID: 41894289
Thanx!!! Will try!
0
 

Author Comment

by:rayluvs
ID: 41894294
Ran it gave 'Could not find stored procedure 'sp_sqlencode'...   by any chance, do we have to create some SP code?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41894303
Of course! Those procedures were made up by me for demonstration, to show how it could work with some more effort. If you think you could work this way, we can write simple procedures. I assume you do not want to have something more sophisticated - the encryption could e.g. use the current hour to make the code runnable only for the same hour, and much more. But such stuff should only be used if absolutely necessary.
0
 

Author Comment

by:rayluvs
ID: 41894390
Oh ok, we thought they actually were system-sp (sorry).  

Just FYI, we don't want no security stuff like nasa, we just want to create our querys locally and when copying them over, they are not understandable to the viewer seeing our work, yet when executed, it gives the correct result.

Something like your example with exec sp_sqlencode 'select * from tbl'   (locally) and running on the client site exec sp_cachedexec '72af3b9af102' (remotely) seems good.

Can you provide the code?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 300 total points
ID: 41895152
Here a simple test case:
create function sp_sqlencode(@sql as varchar(max)) returns varbinary(max) as
begin
  return cast(@sql as varbinary(max))
end
go

create procedure sp_cachedexec(@str as varchar(max)) with encryption as
begin
  set @str = convert(varbinary(max), @str, 2)
  exec(@str)
end
go

select dbo.sp_sqlencode('select * from tbl where fld1 = ''CheckThis''')
-- above returns: 0x73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327
exec dbo.sp_cachedexec '73656C656374202A2066726F6D2074626C20776865726520666C6431203D2027436865636B5468697327'

Open in new window

Of course you would have to create and execute one half on your site, the other half remotely, and it should be obvious which one were ;-).
Note that you have to enclose string literals inside the SQL in two single quotes instead of one, as the whole SQL is a string itself.
0
 

Author Comment

by:rayluvs
ID: 41895243
Ok, so we create the function, the SP.

To run a specific query, use the function.  
Then to run the encrypted result, use the SP.

That's correct? Are we missing anything?
0
 
LVL 18

Assisted Solution

by:Pawan Kumar Khowal
Pawan Kumar Khowal earned 200 total points
ID: 41895244
Functions are used for some other purpose. Eg. Remove extra characters from a columns value ..
If you want to join dataSet with some other result set. You can use functions in select clause, etc.

Otherwise always use stored procedures. Simple/Encrypted anyone. <<nopts>>
0
 

Author Comment

by:rayluvs
ID: 41895247
Thanx
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now