Is It Wise To Decrypt Stored Procedures In SQL Server?
May 5, 2008
Hi All,
I'm new to SQL Server 2005 encryption security. I developed a simple login form using .NET 2 framework. I'm encrypting the user's password on the execution of the INSERT statement using SQL Server EncryptByCert(Cert_ID('abc'),'password').
My only concern is that of decrypting the password on the execution of the SELECT dtatement in a stored procedure using the DecryptByCert(Cert_ID('abc'),val,N' certificate password'). Anyone who has rights on executing that particular stored procedure in SQL Server can easily return the user's password.
Can I still use the SQL encryption, whilst the login application handles the decryption (meaning I embed the DecryptByCert in the application ).
If anyone has other ways of implementing this please forward them? (I preferable would like to store all the certificates, private keys, etc on the database side )
Thanks,
Matt
View 1 Replies
ADVERTISEMENT
Oct 4, 2000
does anyone know how to decrypt an encrypted stored procedure???
regards,
resh
View 1 Replies
View Related
May 7, 2006
I encrypt my procedures using with encryption clause, but I do not how to decrypt again.
Is there a command or utility for encrypt and decrypt in Sql 2000? How about Sql 2005?
Thanks
Haydee
View 12 Replies
View Related
Jul 23, 2005
I want to know the differences between SQL Server 2000 storedprocedures and oracle stored procedures? Do they have differentsyntax? The concept should be the same that the stored proceduresexecute in the database server with better performance?Please advise good references for Oracle stored procedures also.thanks!!
View 11 Replies
View Related
Oct 19, 2005
How to Decrypt the SQL Encrypted Stored procedure in ASP.NET (i.e.vb code)Pls let me know ASAP.Thanks.
View 1 Replies
View Related
Sep 30, 2006
Hi,
This Might be a really simple thing, however we have just installed SQL server 2005 on a new server, and are having difficulties with the set up of the Store Procedures. Every time we try to modify an existing stored procedure it attempts to save it as an SQL file, unlike in 2000 where it saved it as part of the database itself.
Thank you in advance for any help on this matter
View 1 Replies
View Related
Mar 24, 2004
IS there a way inside code for vb.net to programmatically change sorting in a stored procedure???Reason is I need a two way sort and did not want to have to write a SP for each way ....If so Do you have an example.....
View 3 Replies
View Related
Jan 4, 2000
Hi,
Everytime after I restore any database on the sql server 6.5, I have to recompile all the stored procedures in that database.Is there any method to overcome this problem?
Thanks,
Manu.
View 1 Replies
View Related
Apr 19, 1999
Trying to run a SQL Server 6.5 stored procedure via ADO 2.0 in Visual Basic 6. The stored procedure moves roughly 10000 records from one table to another within the same database. The procedure works just fine when run from a SQL editor such as I/SQL, but only transfers a few hundred records when it is executed from a VB application using ADO 2.0.
The guilty code can be seen below. Any thoughts?
Public cnSQL As New ADODB.Connection
Public qry As New ADODB.Command
With cnSQL
.ConnectionString = ConnectStringSQL
.ConnectionTimeout = 20
.Open
End With
Set qry.ActiveConnection = cnSQL
qry.CommandType = adCmdStoredProc
qry.CommandTimeout = 120
qry.CommandText = "sp_VGInsertBOMStructure"
qry.Execute
Peter
View 1 Replies
View Related
Jun 6, 2002
I have a stored procedure on SQL/Server 2000 that inserts into a #temptable. When I execute it from Query Analyzer it works fine.
When I execute it from an ASP using ADO it gives me an Open Error message. When I comment out the
#temptable the ASP works fine. Can someone shed some light on this? Do I have to do an ADO opent on the
#temptable?
View 4 Replies
View Related
Apr 11, 2006
Is there any application which can tell you the procedure called within a procedure.
View 2 Replies
View Related
May 16, 2008
I come from a MySQL background, and have recently began migrating to SQL Server.
I can't, for the life of me, find an example of a stored procedure that does the following in SQL Server:
- Multi-lined
- Contains both input and output parameters
- Sets one of the output parameters within the stored procedure
Can anyone provide some insight? I.e. Why does the following not work?
IF NOT EXISTS (SELECT * FROM syscomments WHERE id = object_id('usp_test'))
BEGIN
CREATE PROCEDURE "usp_test"
(@num1 INT, @num2 INT, @result INT OUTPUT)
AS
BEGIN
DECLARE newValue INT;
SET @newValue = num1 + num2;
SET @result = @newValue;
END;
END;
I get these errors (I'm using the Management Studio Express)
Msg 156, Level 15, State 1, Line 3
Incorrect syntax near the keyword 'PROCEDURE'.
Msg 155, Level 15, State 2, Line 7
'INT' is not a recognized CURSOR option.
Msg 137, Level 15, State 1, Line 8
Must declare the scalar variable "@newValue".
Msg 137, Level 15, State 2, Line 9
Must declare the scalar variable "@newValue".
View 8 Replies
View Related
Jul 2, 2007
I just installed sql server 2005 on my machine. I've been using Access for some time and have created my stored procedures easily in it. However, this sql server 2005 is so complicated. In Access, all I had to do was "Create a New Query", write my sql statement, name and save it. However, I am having so much trouble with this sql server. For example, when I create a stored procedure in sql server, it has a .sql extension. I am assuming the stored procedure is a file. However, after saving it, I expand my database, expand programmability, and expand stored procedures, yet my new stored procedure is not there. It's placed in a file called projects. I need to access this stored procedure from code, but in visual studio, I get an error message, "Cannot find stored procedure sp_Roster". Here is the code I used to access my stored procedure from vb.net. I thought it would work but it didntDim comm As New SqlCommandDim strsql As StringDim strconn As String strsql = "sp_Roster" strconn = "server=Home; user=sa; pwd=juwar74; database=Book;" With comm .Connection = New SqlConnection(strconn) .CommandText = strsql .CommandType = CommandType.StoredProcedure With .Parameters.Add("TeacherID", SqlDbType.Char) .Value = "DawsMark@aol.com" End With With .Parameters.Add("ClassID", SqlDbType.Int) .Value = CInt(classid) End With With .Parameters.Add("sID", SqlDbType.Int) .Value = ssID End With With .Parameters.Add("sLastName", SqlDbType.Char) .Value = lastname End With With .Parameters.Add("sFirstName", SqlDbType.Char) .Value = firstname End With With .Parameters.Add("sMiddleName", SqlDbType.Char) .Value = middlename End With With .Parameters.Add("Student", SqlDbType.Char) .Value = fullname End With With .Parameters.Add("Password", SqlDbType.Char) .Value = password End With .Connection.Open() .ExecuteNonQuery() With comm.Connection If .State = ConnectionState.Open Then .Close() End If End With End With Here is my procedure that I created and that was saved as sp_Roster.sql in sql server CREATE PROCEDURE sp_Roster ASBEGIN SET NOCOUNT ON; -- Insert statements for procedure here INSERT INTO Roster (TeacherID, ClassID, sID, sLastName, sFirstName, sMiddleName, Student, Password) VALUES (@TeacherID, @ClassID, @sID, @sLastName, @sFirstName, @sMiddleName, @Student, @Password)ENDGO Why isn't ado.net finding it in sql server. Is the sqlstr correct?
View 2 Replies
View Related
Jul 2, 2007
In a previous post, someone helped me with creating stored procedures, and I am grateful because I am transitioning from the Access World.
Anyway, I get an error at .ExecuteNonQuery in visual studio 2005 when I run the following code:
Dim strsql As String Dim strconn As String strsql = "sp_Roster" strconn = "server=xxxx; user=xxxx; pwd=xxxx; database=xxxx;" With comm .Connection = New SqlConnection(strconn) .CommandText = strsql .CommandType = CommandType.StoredProcedure With .Parameters.Add("TeacherID", SqlDbType.Char) .Value = "DawsMark@aol.com" End With With .Parameters.Add("ClassID", SqlDbType.Int) .Value = classid End With With .Parameters.Add("sID", SqlDbType.Int) .Value = ssID End With With .Parameters.Add("sLastName", SqlDbType.Char) .Value = lastname End With With .Parameters.Add("sFirstName", SqlDbType.Char) .Value = firstname End With With .Parameters.Add("sMiddleName", SqlDbType.Char) .Value = middlename End With With .Parameters.Add("Student", SqlDbType.Char) .Value = fullname End With With .Parameters.Add("Password", SqlDbType.Char) .Value = password End With .Connection.Open() .ExecuteNonQuery() With comm.Connection If .State = ConnectionState.Open Then .Close() End If End With End With
The error was: Error converting data type char to int.
The stored procedure in sql server was as follows
CREATE PROCEDURE sp_Roster -- Add the parameters for the stored procedure here@TeacherID varchar(50),@ClassID int,@sID int,@sLastName varchar(50),@sFirstName varchar(50),@sMiddleName varchar(50),@Student varchar(50),@Password varchar(50)ASBEGIN -- SET NOCOUNT ON added to prevent extra result sets from -- interfering with SELECT statements. SET NOCOUNT ON; -- Insert statements for procedure here INSERT INTO Roster (TeacherID, ClassID, sID, sLastName, sFirstName, sMiddleName, Student, Password) VALUES (@TeacherID, @ClassID, @sID, @sLastName, @sFirstName, @sMiddleName, @Student, @Password)ENDGO
The error also says "sqlexception was unhandled by user code.
This is strange because this code worked perfectly when connecting to Access and when I used oledb.
So how is it the code's problem? Is the stored procedure causing the error or the code. Can someone please help. thanks.
<Edited by Dinakar Nethi>
Please mask your useird/pwd info in the connection string when posting to a public forum like this
</Edit>
View 2 Replies
View Related
Feb 25, 2008
In Oracle database we can group our stored procedures in packets. It is very useful when we are creating big business solutions with hundreds stored procedures. Can we do something like this in SQL server?
View 2 Replies
View Related
Jun 8, 2005
I don't see the option to debug a stored procedure. I right click on
the procedure and should'nt it appear in the properties window. Do I
need to install some extra component to get the debugger.
View 4 Replies
View Related
Jan 28, 2006
How do you transfer stored procedures from SQL Express 2005 to MS SQL 200 ? I am using the Personal home page starter kit and also need to know if I have to attach and detach the database to my ISP's server?thanks,
View 2 Replies
View Related
May 6, 2006
hi, anyone can guide me on how to create stored procedures in MS SQL Server?
View 1 Replies
View Related
May 1, 2001
About a year ago we inherited a SQL server (7.0) from another division of our company. The time has come to migrate the SQL Server functionality onto a new machine. Before I do this though, I need to figure out what the initial installation configuration was so I can set up the new server with the same specs. I am looking for a system stored procedure(s) that can tell me the following:
Case sensitivity, accent sensitivity, SQL build (SP), character set, etc. Basically I need to know what checkboxes were ticked during the initial set up of the server.
Any help would be greatly appreciated. TIA.
View 2 Replies
View Related
Oct 19, 1999
Hi everyone,
Is versioning SQL Server 7.0 stored procedures with VSS possible? If so,
how? How are people versioning stored procedures out there?
Thanks in advance...
bth@prucka.com
View 1 Replies
View Related
Nov 8, 2004
Hi,
Does anyone know how to export all stored procedures attached to a database (MS SQL Server) into a sql script. Please help.
Thanks
View 2 Replies
View Related
Jul 20, 2005
I thought this problem would go away over the Christmas holiday, butof course it did not. I'm trying to write a stored procedureincorporating wildcards, so I can search for variations. Example, ifname 'Smith' is submitted, sproc should retrieve all recordscontaining 'John Smith', 'Zenia Smith', 'Smithfield & Co.' You get theidea.Using SQL Query Analyzer, the queryselect * from filewhere name like '%smith%'works like a charm.But if I write a stored procedure declaring the variable @name andusing a where clause 'where name like '%@name%'', I get zero results.The query doesn't bomb. It just doesn't produce anything - even thoughI know there are records that meet the criteria.Any ideas? Or are sprocs and wildcards incompatible?
View 1 Replies
View Related
Apr 3, 2008
I have a simple stored procedure:
create procedure sp_testres
@mult1 int,
@mult2 int,
@result int output
as
select @result = (10*@mult1) + @mult2
go
When I call it
declare @result int
exec sp_testres 5, 6, @result output
print @result
(Result is correctly shown as 56).
I then in C# wrote the following:
m_cmd.CommandText = "sp_testres";
SqlParameter param2 = new SqlParameter("@mult2", SqlDbType.Int);
param2.Value = 6;
SqlParameter param1 = new SqlParameter("@mult1", SqlDbType.Int);
param1.Value = 5;
SqlParameter param3 = new SqlParameter("@result", SqlDbType.Int);
param3.Direction = ParameterDirection.Output;
m_cmd.CommandType = CommandType.StoredProcedure;
m_cmd.Parameters.Add(param1);
m_cmd.Parameters.Add(param2);
m_cmd.Parameters.Add(param3);
m_cmd.ExecuteNonQuery();
This works and param3.Value holds the result value.
I also notice that I can supply the parameters in any order, and things work fine.
What I want to know is: can I call the stored procedure with parameters, where I haven't supplied the parameter name, and just rely on the parameter order matching instead?
View 5 Replies
View Related
Apr 12, 2001
Hi,
Please help!!!!!!!
Is there are ways to encrypt data in the table (SQL Server 7) and then retrieve (decrypt) this information?
Thanks
View 1 Replies
View Related
May 21, 2008
hi,
how can i decrypt a stored procedure in sql server 2005?
THX
View 2 Replies
View Related
Apr 27, 2005
This is a solution for a very specific problem, and it's one that you'll hardly ever use, but it's important to know about that one scenario where it can save your neck. Ordinarily, stored procedures are only recompiled if they're no longer in the procedure cache. But if a stored procedure's execution plan is still in the cache, then SQL Server reuses the compiled storedprocedure and its existing execution plan. This is almost always the best course of action. Almost always, but not always.Sometimes, however, reusing an existing plan doesn't offer the most efficient performance. Imagine, for example, that your stored procedure accepts a parameter that determines the natureof a JOIN operation. The results can vary in a big way, so you wouldn't want your procedure to be locked into an execution plan that might be completely inappropriate for that JOIN. In a highlyspecialized case like this, you might want to force SQL Server to recompile the procedure every time the procedure runs. Doing so comes at a performance cost, but this might be offset by thesavings you gain in not executing the procedure with an awful compiled execution plan. Consider carefully whether to use this approach (or whether to re-engineer the over-design of yourapplication to avoid this situation in the first place). Should you need to instruct SQL Server to recompile each time, add the WITH RECOMPILE directive to the procedure, like this: CREATE PROCEDURE ProcName @Param int /* ... other parameters */ WITH RECOMPILE AS /* ... procedure code follows */
If we omit "WITH RECOMPILE", what will be the consequence? Thanks
View 3 Replies
View Related
Jan 20, 2006
Stupid question but please be gentle and answer anyway please....
Background: We have SQL Server 2003 (32bit) running on our servers. Our .Net applications (from old release of VS) are still running on them and using the old databases. From what I understand there is no immediate plans to upgrade the servers. However the developers were just given this new upgrade (2005) SQL Server and VS (and fixing depreciated code etc in the .net apps).
Question: Can the applications and new stored procedures written via the 2005 environment be deployed successfully on the 2003 Servers? Same goes with Reporting Services?
View 1 Replies
View Related
Mar 5, 2008
This question is about SQL Server 2005:
I have been trying to figure out how to copy tables and stored procedures between 2 databases (on the same server) using SQL Server Management Studio. I have tried right clicking on the table name, "script table as", "drop to", "clipboard", then I click on the 2nd database, and then click on the "tables" . I change the name of the database and click "execute". This creates the table but does not copy the data. I have also tried "create to" "clipboard" and "insert to" "clipboard" and cannot seem to be able to figure out how to get the results that I want. I am new at this but need to get the tables with the data copied along with the stored procedures, even if I have to do them one at a time. When I was using SQL Server 2000, I was able to use DTS to copy objects to other databases easily. Can someone please tell me a way to accomplish what I need to do? I have gotten information here before that was very useful and was hoping that someone can help me again.Thank you so much. Carol Quinn
View 9 Replies
View Related
Jun 14, 2004
How can I create a row wise trigger in MSSQL Server .
CREATE TRIGGER trigName ON tableName for
INSERT , UPDATE , DELETE
AS ...
For a multiple delete , I got only one trigger invocation .
But I need individual trigger calls for each row ...
How can I do this in t-sql ?
Is there any usage like FOR EACH ROW in Oracle ?
Is it possible through INSTEAD OF TRIGGER ?
Please help !!!!!!!!
View 2 Replies
View Related
Aug 8, 2007
I have just successfully published an web app and db to a server
but when the web app tries to use a stored procedure it says that
it cannot find stored procedure.....in my data base......eeeer
anyone had this problem
View 6 Replies
View Related
Sep 20, 2007
Hey guys,I'm having a problem. I've been given a task to complete. I was given a database, and asked to wrap a website around it with certain functionality. I did this, and added seven stored procedures in the proccess. Everything works, Business Logic Layer, Data Access Layer, error validation, even screwed around with SQL-injection protection. Lovely, yes?However, when my little website gets tested, it's going to be plugged into a fresh database - the exact same database I was given, only with different data in the tables. My stored procedures won't be in that database. I can detect if my stored procedure doesn't exist easily enough by catching the error at runtime and checking the code. I would like to create the stored procedure inside that catch block. I just don't know how.The easy answer is just to use embedded SQL in my application instead of stored procedures. This isn't a commercial application, it's just a task I've been given to test my abilities. But embedded SQL is icky. I'd rather do it properly.
View 1 Replies
View Related
May 19, 2004
Hi,
I was just wondering if something could be explained to me.
I have the following:
1. A table which has fields with data types and lengths / sizes
2. A stored procedure for said table which also declares variables with datatype and lengths/ sizes
3. A function in written in VB .net that uses said stored procudure. The code used to add the parameters to the sql command also requires that i give a data type and size.
How come i need to specify data type and length in three different places? Am i doin it wrong?
Any information is greatly appreciated.
Thanks
Im using SQL Server 2000 with Visual Studio .Net using Visual Basic..
View 1 Replies
View Related
Jan 1, 2005
First, does anyone know any good SQL Server sites with articles and whatnot on query design, etc. Not so much basic "How to get data out of your table", but more complex topics like conditional stored procedures, working with triggers, etc. The MSDN is helpful but I often have trouble understanding what's going on.
And second, any pointers (or links) on how I can go about having a stored procedure query a pair of product tables to get information to display in my shopping cart? I've got:
Cart Items StdProducts CustomProducts
----------- ------------- -----------------
partID stdpartID custompartID
IsCustom (Bit)
description description
So depending on if the 'IsCustom' field is True or False, I want to join the [cartitems].[partID] to either the [StdProducts].[stdpartID] or the [CustomProducts].[custompartID] to get the description and other information.
Eventually, I'll probably need to branch this type of procedure out even further (not just either/or scenario) to include the option of pointing to 6-12 different child tables depending on criteria within the parent table for a different scenario. Depending on performance, I could either hard code in the various child tables or have another table containing the table names and the appropriate key that would indicate which table to use.
Hopefully that made some sense, since I'm not entirely positive how to go about this type of thing or what you would call whatever I'm trying to do (and thus what I would be searching for).
View 1 Replies
View Related
