Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Stored procedure ENCRYPTION option depending on build mode

Tags:

sql-server

visual-studio

encryption

msbuild

sql-server-data-tools

I'm working on stored procedures encryption in enterprise project. We have a bunch of SP's that should be protected on production.
There is no problem to set WITH ENCRYPTION parameter in each SP that is in sqlproj. But I want to make this directive optional: if I'm building project in debug mode - do not apply this procedure option, otherwise - use it. Actually main goal here is to get database for developers without encryption, but on production - encrypted SP's.
Using PowerShell script in build task I can modify generated sql file and as a result get script with encryption parameter, but I'm wondering how it would work with dacpac.
Any suggestions?

Update:

After some time spent playing with msbuild. I decided to stop (at least for now) on solution with PowerShell script task after SqlCore target:

<Import Project="$(ExtensionTasksPath)MSBuild.ExtensionPack.tasks" Condition="Exists('$(ExtensionTasksPath)MSBuild.ExtensionPack.dll')" />
  <UsingTask TaskFactory="PowershellTaskFactory" TaskName="CreateDecryptedScript" AssemblyFile="$(PowerShellTaskAssembly)" Condition="Exists('$(PowerShellTaskAssembly)')">
    <ParameterGroup>
      <File Required="true" ParameterType="System.String" />
      <ResultFile Required="true" ParameterType="System.String" />
    </ParameterGroup>
    <Task>
      <![CDATA[      
      (Get-Content $file) | Foreach-Object {$_ -replace 'WITH ENCRYPTION', '--WITH ENCRYPTION'} | Set-Content $resultfile    
    ]]>
    </Task>
  </UsingTask>
<Target Name="CreateDecryptedScript" AfterTargets="SqlCore">
    <CreateDecryptedScript File="$(OutputPath)$(CreateScriptFileName)" ResultFile="$(OutputPath)$(DecryptedScriptName)" Condition="Exists('$(PowerShellTaskAssembly)')" />
</Target>

As a result, after rebuilding project we have script for creating database without encryption.

But publish that is invoked from project does not force this stuff to happen and we will alter all SP's with encryption.

like image 438
Anatolii Gabuza Avatar asked Nov 03 '22 11:11

Anatolii Gabuza

1 Answers

It is easy to decrypt "encrypted" stored procedures. I suggest you just don't bother encrypting them.

  • Anyway to decrypt an encrypted sql server stored procedure?

  • https://duckduckgo.com/?q=decrypt+sql+server+stored+procedure

If you must encrypt them, I suggest a post-deploy step in DEV which decrypts every encrypted stored procedure, one by one. You could create such a step easily using sp_execsql and the information at the links.

like image 94
Ben Avatar answered Nov 12 '22 17:11

Ben
Sign in to Comment

Related questions

Import multiple Excel files into SQL Server 2008 R2 using SSIS Packages?
Complicated SQL Join
SQL Server - Querying for Closest Date Range
Query shows greater value of duration in trace than when the query is run by itself
Sum a field for each month cummulatively and dynamically
Merge two Table in SQL Server 2008
Converting SQL CASE WHEN statement into C#
Gracefully terminate long running SQL Server query from ADO.NET
Good tool for converting mssql queries to mysql queries
Need some clarification on SELECT within UPDATE t-SQL statement
Matching a string against a column full of regular expressions
If count(values) > 1, combine all values into a single cell [duplicate]
SQL - User input in query
Changing from local database to SQL Server hosted on a server
Proper Install Order For Visual Studio 2010 with SQL Server 2012 Business Intelligence
Validating SSIS 2012 packages programatically via SSIS Catalog Managed Object Model
cross server, standard SQL to produce a comma delimited list
Select every nth row with NHibernate
sp_send_dbmail Error In Microsoft SQL Agent Job
CTE parent-child showing siblings

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!