472,145 Members | 1,511 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > microsoft sql server > questions > find hard coded strings in sql: can it be done programatically?

Join Bytes to post your question to a community of 472,145 software developers and data experts.

Find hard coded strings in SQL: can it be done programatically?

Lokean
71
The problem:

Company was bought out and we are bringing everything into complience. Passwords are not secure and do not need to be.(required by software we are using)

Old passwords *may or may not have been hard coded* in SQL SERVER database to validate (each account was setup with the same generic password).

Need to check each proc or function for presense of hard-coded password.

We have hundreds of functions that may or may not have this hard coded password.

Is there a way to cycle through each proc and function to search for the presence of the password?
Jun 4 '08 #1
4 2200
debasisdas
8,127 Expert 4TB
Try to search for the same in the procedure and function body text.
Jun 6 '08 #2
Lokean
71
Try to search for the same in the procedure and function body text.
There's the rub.

I don't know how to do that. I'm not a database programmer. I'm a .net programmer, I haven't gotten this deep into databases in over 10 years.

DB2 was the last one I had any serious hands-on with.
Jun 6 '08 #3
ck9663
2,878 Expert 2GB
This will list all object name and it's definition.

Expand|Select|Wrap|Line Numbers
  1. select o.name, definition
  2. from sys.sql_modules m
  3. inner join sysobjects o on o.id = m.object_id
  4. where xtype in ('P','IF','TR') and definition like '%stringyourlookingfor%' 
If the definition is NULL, the code is encrypted. This will only list all stored proc, functions and triggers. Replace the stringyourlookingfor as necessary.

Happy Coding

-- CK
Jun 7 '08 #4
edit: n/m; i didn't see that you already know the password

You could also open up the management studio, right click on a database, click generate scripts, and script all objects to a new window (which creates the sql to re-create your whole database-sprocs and all) and just do a ctrl+f for phrases like 'pass' and 'password' if you don't know the exact password.

Zach
Jun 8 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics
Can we use details hard coded into exe directly in reports without storing in DB
1 post views Thread by SuryaPrakash Patel via SQLMonster.com | last post: by
The Harm of hard-wrapping Lines
33 posts views Thread by Xah Lee | last post: by
Can I find strings that need localization?
1 post views Thread by Graham | last post: by
How to find the SQL Server 2005 port
9 posts views Thread by Cathy | last post: by
openGauss security policy
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates