Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

I want to hide the script of a stored procedure in SQL Server 2008

Tags:

sql

sql-server-2008

stored-procedures

I have written a stored procedure in SQL Server.

Now its just that I don't want any one to see my script or edit it.

Please remember that I am working on the a standard login id and password. Which is shared with every one.

Hence some way where I can allow every one to execute the procedure. But they shouldn't see the script.

Cheers! thanks

like image 779
MDMalik Avatar asked Mar 04 '12 12:03

MDMalik

People also ask

Can we hide stored procedure in SQL Server?

Well, one word answer is you can hide it with the command WITH ENCRYPTION when you create stored procedure or function.

How do I view a stored procedure script?

Using SQL Server Management StudioExpand Stored Procedures, right-click the procedure and then select Script Stored Procedure as, and then select one of the following: Create To, Alter To, or Drop and Create To. Select New Query Editor Window. This will display the procedure definition.

Do I need to set Nocount off?

Now, is set nocount off necessary? No, as any new commands executed will be in a different scope, and by default set nocount off is always in effect. But as stated above in comments, it's considered a good practice, just to explicitly indicate that this setting will return to normal when the proc is finished executing.

What is set Nocount off?

SET NOCOUNT ON prevents the sending of DONEINPROC messages to the client for each statement in a stored procedure.

2 Answers

You're looking for WITH ENCRYPTION, which encrypts the code behind your stored proc.

CREATE PROCEDURE usp_MyProc
WITH ENCRYPTION
AS
SELECT *
FROM myTable

Just a caveat, from MSDN:

Users who have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users who can either access system tables over the DAC port or directly access database files.

Some references and further reading:

  • http://blog.sqlauthority.com/2007/07/01/sql-server-explanation-of-with-encryption-clause-for-stored-procedure-and-user-defined-functions/
  • http://msdn.microsoft.com/en-us/library/ms187926.aspx
like image 95
John N Avatar answered Nov 15 '22 19:11

John N

SQL Server doesn't truly provide a foolproof method to protect module code. The WITH ENCRYPTION clause should be named something along the lines of WITH LOOSE_OBFUSCATION, since the "encryption" is very easily thwarted. You're not going to be able to use anything in SQL Server to make the code undecipherable by anyone except the most casual onlookers - anyone determined is going to be able to beat native methods without breaking a sweat.

While this may be good enough for your needs, probably a safer way (but still not perfect) is to put some or all of the procedure's business logic into the CLR (read more here).

like image 25
Aaron Bertrand Avatar answered Nov 15 '22 18:11

Aaron Bertrand
Sign in to Comment

Related questions

sqlite3 date and interval functions
How to get first element by XPath in Oracle
Can you explain this SQL injection?
How does a bitmap index work?
Is it possible to use sql server bulk insert without a file?
TSQL Finding Order that occurred in 3 consecutive months
Explanation of particular sql injection
NHibernate: Get object by SQL Query
run queries periodically (ala crontab) from a postgresql database
How to insert a mix of explicit values and data retrieved from another table
SQL -- Remove duplicate pairs
Whats the standard way of getting the last insert id?
Is there a way to query 135 distinct tables in one single query?
Ambiguous column name SQL error with INNER JOIN: Why?
Selecting the same row multiple times
Update sql bit field in database
Count on DISTINCT of several fields work only on MySQL?
Is there an aggregate function that could return first non-null value within a group?
What is the easiest way to make a column READONLY in Oracle?
Is there a module in Python that does something like "sqldf" for R?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!