
The truth about WITH ENCRYPTION option

Antonios Chatzipavlis
Friday 07 October 2011

When we add the WITH ENCRYPTION option to a stored procedure, a trigger, a function or a view, we know that the code automatically stops being visible. We could say that it is locked.

I don't know whether you are aware of it, but SQL Server is not a digital rights management system. This means that the code written inside a stored procedure, function and so on is not encrypted, but simply obfuscated.

SQL Server has performed this obfuscation for many years, ever since the WITH ENCRYPTION option first appeared (I cannot even remember when that was), by applying a bitwise OR to the text of the code.

This means that any user who has VIEW DEFINITION permission can see the code of an encrypted stored procedure and so on, simply by executing another stored procedure that decrypts its contents.

If you search the internet you will find many of them. I am simply listing one that I happened to pick up from the MSDN forums, which works on SQL Server 2008 R2, but only for stored procedures.

ShowDecrypted Stored Procedure

CREATE PROCEDURE dbo.ShowDecrypted(@ProcName SYSNAME = NULL)
AS
SET NOCOUNT ON
-- Proceed only when the current session is on the Dedicated Admin Connection (DAC)
IF EXISTS
(
    SELECT * FROM sys.dm_exec_connections ec JOIN sys.endpoints e
    ON (ec.[endpoint_id] = e.[endpoint_id])
    WHERE e.[name] = 'Dedicated Admin Connection'
    AND ec.[session_id] = @@SPID
)
    BEGIN

    DECLARE @i BIGINT, @a NVARCHAR(MAX), @b NVARCHAR(MAX), @d NVARCHAR(MAX), @c NVARCHAR(MAX)
    -- @a: the stored (obfuscated) definition of the target procedure
    SET @a = (SELECT [imageval] FROM [sys].[sysobjvalues] WHERE [objid] = OBJECT_ID(@ProcName) AND [valclass] = 1 AND [subobjid] = 1)
    -- @b: a replacement definition whose text is fully known
    SET @b = 'ALTER PROCEDURE ' + @ProcName + ' WITH ENCRYPTION AS ' + REPLICATE('-', 8000)

        -- Replace the body inside a transaction, capture the stored form of the
        -- known text in @c, then roll back so the procedure is left unchanged
        BEGIN TRANSACTION
            EXECUTE (@b)
            SET @c = (SELECT [imageval] FROM [sys].[sysobjvalues] WHERE [objid] = OBJECT_ID(@ProcName) AND [valclass] = 1 AND [subobjid] = 1)
        ROLLBACK TRANSACTION

    -- @d: output buffer, one character per character of @a
    SET @d = REPLICATE(N'A', (DATALENGTH(@a) / 2))
    SET @i = 1
    -- Character by character: stored original ^ (known text ^ stored known text)
    WHILE @i <= (DATALENGTH(@a) / 2)
    BEGIN
    SET @d = STUFF(@d, @i, 1, NCHAR(UNICODE(SUBSTRING(@a, @i, 1)) ^ (UNICODE(SUBSTRING('CREATE PROCEDURE ' + @ProcName + ' WITH ENCRYPTION AS ' + REPLICATE('-', 8000), @i, 1)) ^ UNICODE(SUBSTRING(@c, @i, 1)))))
    SET @i = @i + 1
    END

    SELECT @d [StoredProcedure]

    END
    ELSE
    BEGIN
        PRINT 'Use a DAC Connection'
    END
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
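
The recovery loop in the procedure above combines three values with `^`, which in T-SQL is the bitwise exclusive OR. The following Python sketch is an added example, not code from the original article or from SQL Server: it shows why masking two texts with the same per-object byte sequence lets the known text cancel the mask, and why recovery stops at the length of the known text. The mask generator, object id and procedure text are constructed assumptions.

```python
import hashlib

# Constructed sample values; none of them come from a real server.
OBJECT_ID = 1977058079
SECRET = "CREATE PROCEDURE dbo.GetPrice WITH ENCRYPTION AS SELECT 42"
FILLER = "CREATE PROCEDURE dbo.GetPrice WITH ENCRYPTION AS " + "-" * 8000


def mask_bytes(object_id: int, length: int) -> bytes:
    """Hypothetical per-object mask (assumption): SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(f"{object_id}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:length])


def obfuscate(object_id: int, text: str) -> bytes:
    """XOR the UTF-16LE text with a mask derived only from the object id."""
    data = text.encode("utf-16-le")
    return bytes(d ^ m for d, m in zip(data, mask_bytes(object_id, len(data))))


def recover(stored_original: bytes, known_text: str, stored_known: bytes) -> str:
    """original = stored_original ^ known ^ stored_known, byte by byte.

    Works only while both stored values share one mask, and only up to the
    length of the shortest input.
    """
    known = known_text.encode("utf-16-le")
    n = min(len(stored_original), len(known), len(stored_known))
    plain = bytes(stored_original[i] ^ known[i] ^ stored_known[i] for i in range(n))
    return plain.decode("utf-16-le", errors="replace")


def demo() -> dict:
    a = obfuscate(OBJECT_ID, SECRET)          # obfuscated original definition
    c = obfuscate(OBJECT_ID, FILLER)          # same object, fully known text
    other = obfuscate(OBJECT_ID + 1, FILLER)  # a different object: different mask
    return {
        "same_mask": recover(a, FILLER, c),
        "different_mask": recover(a, FILLER, other),
        "short_known": recover(a, FILLER[:10], obfuscate(OBJECT_ID, FILLER[:10])),
    }


if __name__ == "__main__":
    for case, text in demo().items():
        print(f"{case}: {text!r}")
```

Only the `same_mask` case returns the original text, which is why a mask that depends on nothing secret gives obfuscation rather than confidentiality.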

 

/*antonch*/
