By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,359 Members | 1,455 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,359 IT Pros & Developers. It's quick & easy.

Find hard coded strings in SQL: can it be done programatically?

P: 71
The problem:

Company was bought out and we are bringing everything into complience. Passwords are not secure and do not need to be.(required by software we are using)

Old passwords *may or may not have been hard coded* in SQL SERVER database to validate (each account was setup with the same generic password).

Need to check each proc or function for presense of hard-coded password.

We have hundreds of functions that may or may not have this hard coded password.

Is there a way to cycle through each proc and function to search for the presence of the password?
Jun 4 '08 #1
Share this Question
Share on Google+
4 Replies

Expert 5K+
P: 8,127
Try to search for the same in the procedure and function body text.
Jun 6 '08 #2

P: 71
Try to search for the same in the procedure and function body text.
There's the rub.

I don't know how to do that. I'm not a database programmer. I'm a .net programmer, I haven't gotten this deep into databases in over 10 years.

DB2 was the last one I had any serious hands-on with.
Jun 6 '08 #3

Expert 2.5K+
P: 2,878
This will list all object name and it's definition.

Expand|Select|Wrap|Line Numbers
  1. select, definition
  2. from sys.sql_modules m
  3. inner join sysobjects o on = m.object_id
  4. where xtype in ('P','IF','TR') and definition like '%stringyourlookingfor%' 
If the definition is NULL, the code is encrypted. This will only list all stored proc, functions and triggers. Replace the stringyourlookingfor as necessary.

Happy Coding

-- CK
Jun 7 '08 #4

P: 30
edit: n/m; i didn't see that you already know the password

You could also open up the management studio, right click on a database, click generate scripts, and script all objects to a new window (which creates the sql to re-create your whole database-sprocs and all) and just do a ctrl+f for phrases like 'pass' and 'password' if you don't know the exact password.

Jun 8 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.