Example: How does SQL Shield encryption works
After installation of SQL Shield you can start using it immediately. SQL
Shield does not affect the existing procedures, it does not change any objects
that already exist. When activated it just affects your newly created
procedures. It happens only when you explicitly specify the new method. So, the
both methods can coexist without interfering. To explicitly specify the new
method you should insert the comment /*sqlshield*/ into WITH ENCRYPTION
clause. This comment is case sensitive. Example:
|CREATE PROCEDURE MyTest
WITH /*sqlshield*/ ENCRYPTION
SQL Shield does not provide the method of decrypting procedures encrypted
with SQL Server or SQL Shield modes.
After installation of SQL Shield you can choose which method of encryption to
use: native or SQL Shield. You can enable and disable SQL Shield by running two
external procedures. SQL Shield starts together with SQL Server. During the
installation it places a special procedure called sqlshield_startup into the
master database. If you want to disable it, comment "exec sqlshield_on"
there. To unload SQL Shield at any time use "exec sqlshield_off".
After that all newly created objects will use native SQL Server encryption. SQL
Server caches decrypted objects. That is why even the encrypted objects are
usually available (you can execute them) after you stop or unload SQL Shield.
But objects that were not started are not available. If you restart SQL Server
and do not start SQL Shield all objects are not available. However SQL Shield
does not completely prevent procedures from being decrypted, but SQL Shield
makes it impossible for all now existing decryptors.
Due to internal limitations of MSSQL Server 7.0 the stored procedures and views encrypted with SQL Shield encryption cannot be longer than 4000 chars. Longer procedures are encrypted with native SQL encryption. Version for MSSQL 2000 has no limitations.
Take a look how easily SQL Server procedures can be decrypted. Create a
simple encrypted stored procedure:
Locate the decryption program on web
Start it, choose the newly created procedure and press save.
Open the created text file with Notepad. Here you are. All your encrypted
procedures can be revealed with a few clicks!
Now let us see how SQL Shield solves this problem
Start SQL Shield, if it was not yet started:
Create the new stored procedure and insert "magic" /*sqlshield*/
Run it and see that it still can be executed without a problem
Run the decryptor and try to apply it to our procedure:
Press Save button and take a look at the result file:
Opps. Our procedure is now protected.
Do you want to see what would happen without SQL Shield ? Disable auto start
of SQL Shield in master.sqlshield_startup procedure and restart SQL Server.
Now run sqlshield_test again. You will see the following error.
When you start SQL Shield it becomes executable again.