Monday, January 03, 2005

Encrypt all Stored Proceedure ...

There are situations where we would have written lots of stored procedure for a project. If at all we want to encrypt all the SPs at one shot, as of now we don't have any build-in function or tool to do that. The below SP does that with the help of "Cursor".

This SP is intelligent (!!) enough to encrypt all Stored procs within the current database except itself.

There is no "easy" way to decrypt the encrypted procedures. So it is always advisable to generate scripts of ALL SPs before executing the below piece of code. Also this code snippet would only work for those SPs whose content are within 8000 characters.

Create procedure uspEncryptAllSP
Declare @procName varchar(255),
@procContent varchar(8000),
@sqlQuery varchar(8000)

Set nocount on

Declare curEncrypt cursor for
Sysobjects so,
Syscomments sc
Where and
so.type ='p' and
so.category=0 and <> 'uspEncryptAllSP' and

Open curEncrypt
Fetch next from curEncrypt into @procName, @procContent

While @@Fetch_Status = 0

Print 'Encrypting the Stored Procedure: ' + @procName
Execute ('drop procedure ' + @procName)

Set @sqlQuery = Replace(@procContent, 'Create procedure ' + @procName, 'Create procedure ' + @procName + ' With Encryption')
Execute (@sqlQuery)

Fetch next from curEncrypt into @procName, @procContent

Close curEncrypt
Deallocate curEncrypt

Print 'Mission Completed !!!'

We can still improve this code by putting the main logic within transaction. So that if at due to some reasons the procedure is deleted but could not be recreated with encryption we could roll back.


JW said...


To remove the 8000 limit could you use varcharmax instead of varchar?

I guess that would only be for SQL Server 2005 and above though

rich said...

This script will not work with stored procedures which define parameters.

Anonymous said...

This script will not function with stored procedures which define parameters. Replace on ' AS ' with ' with encryption as ' instead.

magnus said...

Dangerous to replace ' AS ' since that can be used in many other places. As in SELECT columnName AS 'otherName'

Beula said...

This code is not working in procedures having input and ouptut parameters