There are a lot of tools out there which decrypt programmable objects in databases, some of them work by using the ALTER procedure method to extract the key, and some work by getting the database GUID and generating the key from the procedure using the object ID.
But - under what circumstances is it right to use these sorts of tools?
Thought I'd give some possible scenarios:
1) It's the middle of the night, and an encrypted procedure is failing, bringing your production system down with it. The documentation isn't clear as to whether the procedure is vital or not, nor to what it is actually trying to achieve.
2) You have a third party app which was pretty nippy when first installed, but has got slower and slower since. You have narrowed it down to the procedure in question, and you sincerely hope there isn't a cursor in there, but you don't know.
3) You have tried and failed with a third party application provider to get support into an issue with an encrypted procedure, and want to provide them with some more specific detail.
4) You lost your own source code.
I had to customize a third-party app which required I decrypt the stored procs to modify them. My supervisors were aware that it would probably void any support. A lot of software you purchase remains the property of the vendor and a license only gives you the right to use it. So tampering with the encryption probably isn't legal... But our customers were happy and no animals were harmed.
answered Feb 03, 2010 at 10:01 PM