SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2000 Forums
 Transact-SQL (2000)
 Hide stored procedure
 New Topic  Reply to Topic
 Printer Friendly
Previous Page | Next Page
Author Previous Topic Topic Next Topic
Page: of 3

nr
SQLTeam MVY

United Kingdom
12543 Posts

Posted - 11/16/2007 :  07:44:41  Show Profile  Visit nr's Homepage  Reply with Quote
Create a new database. Don't allow users permission on that database. Create your SP in that database accessing the other database using the qualified name for the objects.

That means the users won't be able to see anything in your database but you can access the other database if you run it as sysadmin or a user with permissions.

==========================================
Cursors are useful if you don't know sql.
DTS can be used in a similar way.
Beer is not cold and it isn't fizzy.
Go to Top of Page

Merkin
Funky Drop Bear Fearing SQL Dude!

Australia
4970 Posts

Posted - 11/16/2007 :  07:46:46  Show Profile  Visit Merkin's Homepage  Reply with Quote
quote:
Originally posted by nr

Create a new database. Don't allow users permission on that database. Create your SP in that database accessing the other database using the qualified name for the objects.

That means the users won't be able to see anything in your database but you can access the other database if you run it as sysadmin or a user with permissions.






Now that is extreme!


Damian
"A foolish consistency is the hobgoblin of little minds." - Emerson
Go to Top of Page

Merkin
Funky Drop Bear Fearing SQL Dude!

Australia
4970 Posts

Posted - 11/16/2007 :  07:48:50  Show Profile  Visit Merkin's Homepage  Reply with Quote
How apt.

Todays Dilbert





Damian
"A foolish consistency is the hobgoblin of little minds." - Emerson
Go to Top of Page

nr
SQLTeam MVY

United Kingdom
12543 Posts

Posted - 11/16/2007 :  08:23:33  Show Profile  Visit nr's Homepage  Reply with Quote
Steps to produce system

1. Ask the users what they want
2. prodcue what the users say they want
3. Deliver to the users
4. Users say that's not what they want.
1...

Not if we could just get rid of step 4. things woukd runn a lot more smoothly and be much more fun.


==========================================
Cursors are useful if you don't know sql.
DTS can be used in a similar way.
Beer is not cold and it isn't fizzy.
Go to Top of Page

jezemine
Flowing Fount of Yak Knowledge

USA
2884 Posts

Posted - 11/16/2007 :  09:37:46  Show Profile  Visit jezemine's Homepage  Reply with Quote
sounds to me like the guy is trying to create a back door, or perhaps an easter egg.


elsasoft.org

Edited by - jezemine on 11/16/2007 09:50:12
Go to Top of Page

X002548
Not Just a Number

15586 Posts

Posted - 11/19/2007 :  11:30:04  Show Profile  Reply with Quote
Just Code of your stored procedures with the text being white

Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx

Add yourself!
http://www.frappr.com/sqlteam



Go to Top of Page

Van
Constraint Violating Yak Guru

458 Posts

Posted - 11/19/2007 :  11:38:17  Show Profile  Reply with Quote
quote:
Originally posted by dataguru1971

I can only imagine what highly secretive task is being completed by a procedure that must be kept secret from everyone else--especially a co-developer.

The only reason for such secrecy is more suspect than allowing users to see it. Does it store the bonus plan calculations or something?

There really is no way to do it AND keep the procedure stored on the server.



Poor planning on your part does not constitute an emergency on my part.





Ever saw the movie "Office Space"?
Go to Top of Page

spirit1
Cybernetic Yak Master

Slovenia
11749 Posts

Posted - 11/19/2007 :  11:49:08  Show Profile  Visit spirit1's Homepage  Reply with Quote
classic

_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp
SSMS Add-in that does a few things: www.ssmstoolspack.com
Go to Top of Page

DonAtWork
Flowing Fount of Yak Knowledge

2143 Posts

Posted - 11/19/2007 :  12:12:13  Show Profile  Reply with Quote
What i dont get is, why do you care if they see the NAME of the proc? If they don't have permission to view/execute it, what does it matter? 2k5 will lock it down.
EDIT: As i now see its on the 2k forum
[Signature]For fast help, follow this link:
http://weblogs.sqlteam.com/brettk/archive/2005/05/25.aspx
Learn SQL
http://www.sql-tutorial.net/
http://www.firstsql.com/tutor.htm
http://www.w3schools.com/sql/default.asp

Edited by - DonAtWork on 11/19/2007 12:12:53
Go to Top of Page

jezemine
Flowing Fount of Yak Knowledge

USA
2884 Posts

Posted - 11/19/2007 :  12:52:22  Show Profile  Visit jezemine's Homepage  Reply with Quote
why hide the name? because you don't want to announce the presence of a back door, of course!


elsasoft.org
Go to Top of Page

spirit1
Cybernetic Yak Master

Slovenia
11749 Posts

Posted - 11/19/2007 :  12:58:32  Show Profile  Visit spirit1's Homepage  Reply with Quote
he's a back door kind of a man

_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp
SSMS Add-in that does a few things: www.ssmstoolspack.com
Go to Top of Page

X002548
Not Just a Number

15586 Posts

Posted - 11/19/2007 :  13:26:09  Show Profile  Reply with Quote
My code in the above post is quite well hidden

I would if means like the python sketch, "how not to be seen"



Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx

Add yourself!
http://www.frappr.com/sqlteam



Go to Top of Page

Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)

USA
7020 Posts

Posted - 11/19/2007 :  14:18:40  Show Profile  Reply with Quote

create proc dbo.[ ]
as select [Empty] = 'Proc with empty name'
go
[ ]
go
drop proc dbo.[ ]


Results:
Empty
--------------------
Proc with empty name

(1 row(s) affected)




CODO ERGO SUM
Go to Top of Page

jonasalbert20
Constraint Violating Yak Guru

Philippines
300 Posts

Posted - 11/19/2007 :  23:29:28  Show Profile  Send jonasalbert20 a Yahoo! Message  Reply with Quote
quote:
Originally posted by spirit1

he's a back door kind of a man

_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp
SSMS Add-in that does a few things: www.ssmstoolspack.com


This might sounds like a back door job. But it's the owner who instructed me to do so.


quote:
Originally posted by Michael Valentine Jones


create proc dbo.[ ]
as select [Empty] = 'Proc with empty name'
go
[ ]
go
drop proc dbo.[ ]


Results:
Empty
--------------------
Proc with empty name

(1 row(s) affected)




CODO ERGO SUM



This might a little bit interesting. but still you can see the blank name.



For fast result follow this...
http://weblogs.sqlteam.com/brettk/archive/2005/05/25.aspx

Want Philippines to become 1st World COuntry? Go for World War 3...
Go to Top of Page

khtan
In (Som, Ni, Yak)

Singapore
17437 Posts

Posted - 11/19/2007 :  23:43:14  Show Profile  Reply with Quote
yeah you are right. That might be too obvious.

Better just create the stored procedure as [this-is-not-a-secret-stored-procedure]


KH
Time is always against us

Go to Top of Page

jezemine
Flowing Fount of Yak Knowledge

USA
2884 Posts

Posted - 11/20/2007 :  01:21:28  Show Profile  Visit jezemine's Homepage  Reply with Quote
if you like the [ ] concept, you'll love this

perhaps your procs could be extended stored procedures implemented by a whitespace program.

there's nothing more fun than a code review of a whitespace program. insist the reviewers bring printouts to the meeting.


elsasoft.org
Go to Top of Page

X002548
Not Just a Number

15586 Posts

Posted - 11/20/2007 :  15:59:14  Show Profile  Reply with Quote
quote:
Originally posted by jonasalbert20
This might sounds like a back door job. But it's the owner who instructed me to do so.



Ok, so what's their advice?

Do they even know what they're talking about?



Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx

Add yourself!
http://www.frappr.com/sqlteam



Go to Top of Page

Van
Constraint Violating Yak Guru

458 Posts

Posted - 11/20/2007 :  16:08:02  Show Profile  Reply with Quote
Hmmm, so the boss and a dba/programmer are in on it. So if they get caught, the dba/programmer is covered...just doing what the boss told him to do. Is your company's name Enron?
Go to Top of Page

Vinnie881
Flowing Fount of Yak Knowledge

USA
1215 Posts

Posted - 11/20/2007 :  19:00:45  Show Profile  Reply with Quote
Here's the answer.

You can not create a hidden procedure -

If for some unknown reason this is imperative to achieve, then Khatan has provided the best solution for this of creating the procedure on the fly then drop it post the completion.

Another solution is to encode the name of your procedure using a encryption type of your choosing, it is not human readable.

Why you would need this is not clear, you are really only creating a false security. An administrator will always be able to view what is going on in sql via traces, and system processes.

Maybe you should take a break from your extreme programming and read a book on how to secure SQL Server. What you want to do is not how SQL is designed.



Go to Top of Page

jonasalbert20
Constraint Violating Yak Guru

Philippines
300 Posts

Posted - 11/20/2007 :  20:09:28  Show Profile  Send jonasalbert20 a Yahoo! Message  Reply with Quote

At first, I know it's impossible for stored procedure (to hide/make it invisible). Just curious if somebody could make it impossible to hide.

Here's what i did...

We had a total of 336 stored procedure on our accounting database. My boss which is the OWNER of the company specifically told me to secure the accounting database particularly calculations. Well, its me who only been trusted by the OWNER. At first, I encrypted all of the stored procedures. Second, I put permissions on all. Third, jezemine whitespace could be a big help for divert tactics. I created 30 of those and all are dummies. Hey! though sounds funny but that would somehow do much help. Fourth, naming convention for confidential stored procedures almost similar to existing procedures, this are naming convention not associated for their specific function or operation, just like khtan "[this-is-not-a-secret-stored-procedure]" At some point they will be having a hard time to analyze everything.


For fast result follow this...
http://weblogs.sqlteam.com/brettk/archive/2005/05/25.aspx

Want Philippines to become 1st World COuntry? Go for World War 3...
Go to Top of Page
Page: of 3 Previous Topic Topic Next Topic  
Previous Page | Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.19 seconds. Powered By: Snitz Forums 2000