Can we write a user defined function to encrypt a string of text based on a key in sql server 2000? For e.g. I want to try writing a triple DES algorithm to encrypt text. How to write statements for this? I checked around the internet; I can't understand the language of cryptography to begin with...
Consider upgrading to SQL Server 2005 or higher, which includes numerous encryption functions. They make it easy:
Create a certificate to manage your key (CREATE CERTIFICATE)
Create an encryption key from a password (CREATE SYMMETRIC KEY)
Write encrypted data to table (ENCRYPTBYKEY())
Read decrypted data from table (DECRYPTBYKEY())
dotnetslackers.com has an easy-to-read howto on the basics.
If you absolutely must stick with SQL Server 2000, you should strongly consider a third-party package for encryption, as writing 3DES from scratch is no small task. Application Security used to put out a product called 'DbEncrypt', but I don't know if it's still available.
I just found this article --> http://www.sqlservercentral.com/articles/Security/freeencryption/1980/. Seems you can do this via extended stored procedures. There are some 3rd party dlls which allow you to do this. There is a link to download the dlls (zipped) from the site. You have to add this to your sql server's binn folder, and call some scripts to add it to the extended stored procedures list. I not sure if this will work for sql server which runs of 64-bit machines.
Related
I created a new stored procedure WITH ENCRYPTION statement, now I want to view its body.
What is the solution?
In case when stored procedure is created with the ENCRYPTED option, SQL Server internally stores the text with the definition of the object in an obfuscated format
The actual definition of an object is stored in system table sys.sysobjvalues which is not directly accessible. By connecting to SQL Server using the Dedicated Administrator Connection (DAC) you can select the imageval column in which the information is stored
If you are not allowed by your company or your client to use third party tools see this post on how to decrypt the encrypted object:
http://www.mssqltips.com/sqlservertip/2964/encrypting-and-decrypting-sql-server-stored-procedures-views-and-userdefined-functions/
However, the easiest way is to use the third party tools
One of them is ApexSQL Complete, a FREE SSMS and VS add-in
In ApexSQL Complete encrypted objects are handled as any other SQL Server object with addition that their DDL script is shown, even if it is encrypted using the Decrypt encrypted objects option
The script of an encrypted object is shown in the inline object details dialog:
Disclaimer: I work for ApexSQL as a Support Engineer
Keep the script around that created the stored proc in the first place.
There's no documented means of retrieving the text of the procedure once it's been created with this option. There are hints in CREATE PROCEDURE, if you're desperate to recover the text:
ENCRYPTION
Indicates that SQL Server will convert the original text of the CREATE PROCEDURE statement to an obfuscated format. The output of the obfuscation is not directly visible in any of the catalog views in SQL Server. Users who have no access to system tables or database files cannot retrieve the obfuscated text. However, the text will be available to privileged users who can either access system tables over the DAC port or directly access database files. Also, users who can attach a debugger to the server process can retrieve the decrypted procedure from memory at runtime.
That is, you'll have to connect using DAC and query undocumented tables - there's certainly no visual option in SSMS.
You can decrypt with tool SQL Compare. You need to create one database to compare sql script. Return result script sql is decrypted. Link soft: http://www.red-gate.com/products/sql-development/sql-compare/
please give me some advice. I have to send email using SQL database mail. In my email, I have to create links that a user can click to go to a product page on my site. However, I need to encrypt the ID of the product and once the product page load, the querystring of the product ID will be decrypted.
How can I get the encryption algorithm which I created in web site class into SQL? I believe the decryption and encryption algorithm must be the same, so that my page can decrypt correctly when the user click on the link in their email. The encryption class I use is something similar to this link: http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings
Thanks a lot for your help.
PS: I also posted this question on asp.net forum.
You can run CLR (ie .NET) code within SQL Server. There are several steps involved, but it starts with creating an "SQL Server" project within Visual Studio, writing the code, and deploying it to your SQL Server. You also have to enable CLR functions within SQL Server using sp_configure.
See here (MSDN) for detailed instructions: How to: Create and Run a CLR SQL Server User-Defined Function .
After doing quite some research, I can confirm that CLR is the way to go. As suggested, I used user defined function CLR. First I need to create CLR project in visual studio. Here is a good starting point to understand how it works:
http://blog.sqlauthority.com/2008/10/19/sql-server-introduction-to-clr-simple-example-of-clr-stored-procedure/
Then instead of adding a CLR stored procedure I move to User defined function. Add an encryption class and called the class in the user defined function. Build and Deploy. That's it.
Here is another useful links:
http://channel9.msdn.com/Learn/Courses/SQL2008R2TrainingKit/CLR/CLRIntegrationLab/Exercise-1-Creating-User-Defined-Functions-Using-SQL-CLR
Thanks dbaseman for pointing that out.
I have a requirement to store the data in encrypted form in database tables. I want to do it at the database level but here are the problems I am facing:
Data Type of the field should be Varbinary.
Encryption is not supported by Workgroup edition
Is it possible to encrypt Numeric Fields?
I want to access the encrypted data in tables to fetch in views and stored procedure for some processing but due to above problems I am not able to.
Here is my Environment:
Development Platform - ASP.Net,.Net Framework 3.5,Visual studio 2008
Server Operating System - Windows Server 2008
Database - SQL Server 2008 Work group edition
I was also thinking to adopt a different approach to resolve this issue (yet to test it's feasibility). I was just wondering if I could create a CLR function (which could take parameters to encrypt and decrypt data using Cryptography types provided in .Net framework) and use the CLR integration feature of SQL Server and call that function from stored procedure and views.
I am not sure if I am thinking in right direction? Any advice on this as well please.
Yes, you can do that. However, your SQL CLR assembly may need to be marked as unsafe for the crypto classes to work, depending on what cryptoapi methods you use.
All of our correspondence is done via database mail in sql server. The data for document generation and the rules to trigger the generation are all on sql server. We now have to create a pdf file. I was planning on using pdfsharp/migradoc to do it, but then we'd have to create document and time its readiness with sql server data state and mail state. It'd be nice if the db could handle everything.
Has anyone created pdf files directly in sql server? And if so, how.
take a look here: Create data driven PDF on the fly by using SQL server reporting service (SSRS)
I've not used it, but there is SQL2PDF stored proc. It uses sp_OA% code.
Google search
Blog article and duplicated on SQL Server Central (needs login)
SQL isn't the best place to do this of course, but if you have to I'd use CLR if possible.
I've just designed a large database by playing around in MS Access. Now that I'm happy with the design, I need to be able to generate this same database (tables, relationships, etc.) from code.
Rather than hand-writing the SQL CREATE statements (which will be long, tedious, and error-prone process), I was wondering whether there was a shortcut. I seem to recall from my limited exposure to MySql that I was able to export an entire database as an SQL statement that can then be run in order to regenerate that database.
Do you know of a way to do this in MS Access, either through the GUI, or programmatically?
I just found and tried out this tool: jet-tool. It seems to work well for Access 2010.
For free for 30 days (then $30) you can give DBWScript a go, looks like its what you are asking for, although not in native Access GUI or programmatically
The quick and dirty, easy, perfectly legitimate way to do this is just copy the .mdb file. Empty out the data if you need to - usually there are static tables that are handy to leave populated, however.
I use a free utility called MDB Viewer Plus (http://www.alexnolan.net/software/mdb_viewer_plus.htm).
Launch it, open your db, then select your table.
On top menu, select "Table > Generate SQL - CREATE".
I don't know what tools you have on your development machine, so this may or may not be helpful.
You can easily transfer your Access database to Microsoft SQL Server using the Upsizing Wizard.
The express edition of SQL Server is available for free > here.
You will also want to get the free Management Studio Express.
Using these free graphical-based tools you can easily generate the SQL statements to re-create the database. You will have the Create statements you are looking for and they will be placed in a text file.
The Bullzip is very good to this. Very simple. See bullzip Access to MySQL for example
It is possible export any tables to SQL or migrate automatically.
Access to MySQL is a small program that will convert Microsoft Access Databases to MySQL.
Wizard interface.
Transfer data directly from one server to another.
Create a dump file.
Select tables to transfer.
Select fields to transfer.
Transfer password protected databases.
Supports both shared security and user-level security.
Optional transfer of indexes.
Optional transfer of records.
Optional transfer of default values in field definitions.
Identifies and transfers auto number field types.
Command line interface.
Easy install, uninstall and upgrade.
The thing that you're mentioning in MySQL is sql dumping. Very useful feature. If you want to migrate the database to mysql, here's a helpful article.
http://www.kitebird.com/articles/access-migrate.html#TOC_4
I have been using for years a tool called database.net from https://fishcodelib.com/Database.htm
I generally use it on client's site as a portable version of SSMS (drop and run), but it can handle a multitude of RDBMSes, including Access.
Connect to your mdb/accdb, right click any table, choose SCRIPT AS, Create, and you're done.
If you right click Tables header, you can select multiple tables to generate, but I think it's a feature of the paid version.
I have no acquaintance with them, just a happy client.
I found an easy way to go:
Export-> ODBC Database
and then retrieve the SQL form there (e.g via pgadmin on postgres)
Compare'Em
http://home.gci.net/~mike-noel/CompareEM-LITE/CompareEM.htm
The free version creates VBA while the $10 pro version gives you DDL statements.