那位大哥帮我翻译一下：SQL Server加过密的存储过程可以被解密 ( 积分: 100 )

那位高人帮我翻译一下，万分感谢！vfphome@163.com

1. Protecting the stored procedure and making it totally non-decryptable is technically impossible. There has to be a way to reverse it so that SQL Server can generate the execution plan and execute the query.

2. The Encryption that SQL Server is offering is obfuscation of stored procedures through a feature called stored procedure encryption. Obfuscation allows the stored procedures to be used by database end-users while making it more difficult for those end users to view or change the contents of the stored procedures. In order to execute the stored procedures, SQL Server must have access to the original source form of the stored procedures. As a result, a determined SQL Server system administrator could obtain access to the source form of the stored procedures (although non-system administrators do not have this ability). Because the obfuscation feature is not intended to protect the source form of stored procedures from being copied or viewed by a determined SQL Server administrator, one should not rely solely on the feature for that purpose.

3. Obfuscation of stored procedure is similar to what other database vendors offer. It is true that there exists utilities to decrypt procedures protected by obfuscation, and this is similar there also exists decompiles for Java as well. The point is, if one can run the code and get access to an executable form, it's always technically possible to reverse engineer the code.

4. An alternative you may want to try is to use extended stored procedures and DLL. By creating a DLL version of the code, makes it harder to break but it is still possible to reverse-engineer a DLL.

5. The protection that is available for all software development firm interested in protecting their asset are same across all data products:

a. Obfuscation.
b. Legal Protection (Copy write, patents, etc).

It is not possible to depend only upon either one of these two core pillars of Intellectual Property protection.

那位高人帮我翻译一下，万分感谢！vfphome@163.com

1. Protecting the stored procedure and making it totally non-decryptable is technically impossible. There has to be a way to reverse it so that SQL Server can generate the execution plan and execute the query.

2. The Encryption that SQL Server is offering is obfuscation of stored procedures through a feature called stored procedure encryption. Obfuscation allows the stored procedures to be used by database end-users while making it more difficult for those end users to view or change the contents of the stored procedures. In order to execute the stored procedures, SQL Server must have access to the original source form of the stored procedures. As a result, a determined SQL Server system administrator could obtain access to the source form of the stored procedures (although non-system administrators do not have this ability). Because the obfuscation feature is not intended to protect the source form of stored procedures from being copied or viewed by a determined SQL Server administrator, one should not rely solely on the feature for that purpose.

3. Obfuscation of stored procedure is similar to what other database vendors offer. It is true that there exists utilities to decrypt procedures protected by obfuscation, and this is similar there also exists decompiles for Java as well. The point is, if one can run the code and get access to an executable form, it's always technically possible to reverse engineer the code.

4. An alternative you may want to try is to use extended stored procedures and DLL. By creating a DLL version of the code, makes it harder to break but it is still possible to reverse-engineer a DLL.

5. The protection that is available for all software development firm interested in protecting their asset are same across all data products:

a. Obfuscation.
b. Legal Protection (Copy write, patents, etc).

It is not possible to depend only upon either one of these two core pillars of Intellectual Property protection.

1.保护存储过程并让它完全的非破解在技术上是不可能的。。。。。[]
呵呵，不好意思，没时间

找回加密后的存储过程

mssql存储过程加密后，解密其实很简单，下面的过程就是解密代码：

SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS ON
GO

Create PROCEDURE DecryptObject (@objectName varchar(50))
--WITH ENCRYPTION
AS
begin
declare @objectname1 varchar(100)
declare @sql1 nvarchar(4000),@sql2 nvarchar(4000),@sql3 nvarchar(4000),@sql4 nvarchar(4000),@sql5 nvarchar(4000),@sql6 nvarchar(4000),@sql7 nvarchar(4000),@sql8 nvarchar(4000),@sql9 nvarchar(4000),@sql10 nvarchar(4000)
DECLARE @OrigSpText1 nvarchar(4000), @OrigSpText2 nvarchar(4000) , @OrigSpText3 nvarchar(4000), @resultsp nvarchar(4000)
declare @i int , @t bigint
declare @m int,@n int,@q int
DECLARE @tablename varchar(255) --触发器所对应的表名
DECLARE @trigtype varchar(6) --触发器类型
DECLARE @type char(1) --对象类型：P-procedure ;V-View; T-trigger
DECLARE @bb bit

select @i=count(1) from sysobjects where name = @objectName
if @i=0
begin
print 'Object ' + @objectName + ' isnt exist!'--对象不存在
return
end

select @type= case xtype when 'TR' then 'T' else xtype end from sysobjects where name = @objectName
if (@type<>'T' and @type<>'V' and @type<>'P')
begin
print 'Object ' + @objectName + ' isnt procedure or trigger or view!'--没有所需要的对象类型
return
end

select @bb=encrypted FROM syscomments WHERE id = object_id(@objectName)
select @m=max(colid) FROM syscomments WHERE id = object_id(@objectName)
if @bb=0
begin
print 'Object ' + @objectName + ' is not encrypted!'--对象没有加密
return
end

create table #temp(colid int,ctext varbinary(8000))
create table #tempresult(cctext nvarchar(4000))
insert #temp SELECT colid,ctext FROM syscomments WHERE id = object_id(@objectName)--get encrypted data 将加密信息存储于临时表中
IF @type='T'--如果是触发子,则取得它的表名和类型
BEGIN
SET @tablename=(SELECT sysobjects_1.name FROM dbo.sysobjects INNER JOIN dbo.sysobjects sysobjects_1 ON dbo.sysobjects.parent_obj = sysobjects_1.id WHERE (dbo.sysobjects.type = 'TR') AND (dbo.sysobjects.name = @ObjectName))
SET @trigtype=(SELECT CASE WHEN dbo.sysobjects.deltrig > 0 THEN 'DELETE' WHEN dbo.sysobjects.instrig > 0 THEN 'INSERT' WHEN dbo.sysobjects.updtrig > 0 THEN 'UPDATE' END FROM dbo.sysobjects INNER JOIN dbo.sysobjects sysobjects_1 ON dbo.sysobjects.parent_obj = sysobjects_1.id WHERE (dbo.sysobjects.type = 'TR') AND (dbo.sysobjects.name = @ObjectName))
END

SET @sql1=case @type--为修改原有的对象内容准备ALTER语句
WHEN 'P' THEN 'ALTER PROCEDURE '+ @ObjectName +' WITH ENCRYPTION AS '
WHEN 'V' THEN 'ALTER VIEW '+ @ObjectName +' WITH ENCRYPTION AS SELECT dbo.dtproperties.* FROM dbo.dtproperties'
WHEN 'T' THEN 'ALTER TRIGGER '+@ObjectName+' ON '+ @tablename+' WITH ENCRYPTION FOR '+@trigtype+' AS PRINT ''a'''
END
set @q=len(@sql1)
set @sql1=@sql1 +REPLICATE('-',4000-@q)
select @sql2=REPLICATE('-',4000),@sql3=REPLICATE('-',4000),@sql4=REPLICATE('-',4000),@sql5=REPLICATE('-',4000),@sql6=REPLICATE('-',4000),@sql7=REPLICATE('-',4000),@sql8=REPLICATE('-',4000),@sql9=REPLICATE('-',4000),@sql10=REPLICATE('-',4000)
exec(@sql1+@sql2+@sql3+@sql4+@sql5+@sql6+@sql7+@sql8+@sql9+@sql10)

select @sql1='',@sql2='',@sql3='',@sql4='',@sql5='',@sql6='',@sql7='',@sql8='',@sql9='',@sql10=''
set @n=1 --从编号为1开始
while @n<=@m
begin
SET @OrigSpText1=(SELECT ctext FROM #temp WHERE colid=@n)--从临时表中取加密数据
SET @OrigSpText3=(SELECT ctext FROM syscomments WHERE id=object_id(@objectName) and colid=@n)--从修改过的对象取得对象数据
if @n=1--如果是第一次循环,则需要准备前面的开头部分的语句
begin
SET @OrigSpText2=case @type
WHEN 'P' THEN 'CREATE PROCEDURE '+ @ObjectName +' WITH ENCRYPTION AS '
WHEN 'V' THEN 'CREATE VIEW '+ @ObjectName +' WITH ENCRYPTION AS SELECT dbo.dtproperties.* FROM dbo.dtproperties'
WHEN 'T' THEN 'CREATE TRIGGER '+@ObjectName+' ON '+ @tablename+' WITH ENCRYPTION FOR '+@trigtype+' AS PRINT ''a'''
END
set @q=4000-len(@OrigSpText2)
set @OrigSpText2=@OrigSpText2+REPLICATE('-',@q)
end
else
begin
SET @OrigSpText2=REPLICATE('-', 4000)
end

SET @i=1
SET @resultsp = replicate(N'A', (datalength(@OrigSpText1) / 2))--fill temporary variable
WHILE @i<=datalength(@OrigSpText1)/2
BEGIN
--reverse encryption (XOR original+bogus+bogus encrypted)
SET @resultsp = stuff(@resultsp, @i, 1, NCHAR(
UNICODE(substring(@OrigSpText1, @i, 1)) ^
(
UNICODE(substring(@OrigSpText2, @i, 1)) ^ UNICODE(substring(@OrigSpText3, @i, 1))
)
)
)
SET @i=@i+1
END

if @n=1 begin set @sql1=@resultsp end
if @n=2 begin set @sql2=@resultsp end
if @n=3 begin set @sql3=@resultsp end
if @n=4 begin set @sql4=@resultsp end
if @n=5 begin set @sql5=@resultsp end
if @n=6 begin set @sql6=@resultsp end
if @n=7 begin set @sql7=@resultsp end
if @n=8 begin set @sql8=@resultsp end
if @n=9 begin set @sql9=@resultsp end
if @n=10 begin set @sql10=@resultsp end
insert into #tempresult values (@resultsp)--把解密数据放入结果表中

set @n=@n+1--循环
end

drop table #temp--删除临时表

SET @resultsp=case @type
WHEN 'P' THEN 'drop PROCEDURE '+ @ObjectName
WHEN 'V' THEN 'drop VIEW '+ @ObjectName
WHEN 'T' THEN 'drop TRIGGER '+@ObjectName
END
Execute( @resultsp)--删除对象

--重新创建对象
if @n=1 begin exec(@sql1) end
if @n=2 begin exec(@sql1 + @sql2) end
if @n=3 begin exec(@sql1 + @sql2+@sql3 ) end
if @n=4 begin exec(@sql1 + @sql2+@sql3 + @sql4 ) end
if @n=5 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5) end
if @n=6 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5+ @sql6) end
if @n=7 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5+ @sql6+ @sql7 ) end
if @n=8 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5+ @sql6+ @sql7 + @sql8) end
if @n=9 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5+ @sql6+ @sql7 + @sql8 + @sql9) end
if @n=10 begin exec(@sql1 + @sql2+@sql3 + @sql4 + @sql5+ @sql6+ @sql7 + @sql8 + @sql8 + @sql10) end

select * from #tempresult--显示结果表
drop table #tempresult--删除结果表
end

--NCHAR 根据 Unicode 标准所进行的定义，用给定整数代码返回 Unicode 字符。
--语法 NCHAR ( integer_expression )
--参数
--integer_expression 介于 0 与 65535 之间的所有正整数。如果指定了超出此范围的值，将返回 NULL。

---------------------------------

--STUFF 删除指定长度的字符并在指定的起始点插入另一组字符。
--语法 STUFF ( character_expression , start , length , character_expression )
--参数
--character_expression 由字符数据组成的表达式。character_expression 可以是常量、变量，也可以是字符或二进制数据的列。
--start 是一个整形值，指定删除和插入的开始位置。如果 start 或 length 是负数，则返回空字符串。如果 start 比第一个 character_expression 长，则返回空字符串。
--length 是一个整数，指定要删除的字符数。如果 length 比第一个 character_expression 长，则最多删除到最后一个 character_expression 中的最后一个字符。





GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

感谢dulao5

我倒