Protect SQL statements from being captured and tracked by SQL profiler/event Probe

A major advantage of SQL Server databases is the rich UI management and debugging tools, which is definitely better than Oracle and other large and medium-sized databases.

Among the many tools of SQL Server, it is very important for developers and DBAs to use SQL profiler.

Each action executed in SQL Server can be clearly viewed in SQL profiler, which is very helpful for performance tuning and later maintenance.

 

 

 

However, the problem arises. After your product is released, you may not want the customer to track your SQL Execution to keep the customer confidential. So this advantage becomes your "eye point"

How can I not be tracked by SQL profiler?

Next, we will discuss this issue.

Assume that you have a table named A, which contains a password field to save the password. Execute the following SQL statement:

Select [Password] from [a]

In the SQL profiler event probe, you will see the following content:

 

-Find "password" in the event text ".
-For security reasons, replace the text with this annotation.

 

In this way, the content of the SQL statement you executed is invisible.

However, you may be confused. The password field may not exist in my table.

This is true, but Microsoft is more powerful. As long as the keyword password, encryption, and sp_setapprole appear in any part of the query process, the entire Query Process will be hidden, anywhere, of course, this includesNote.

 

 

For example, execute the following process statement:

 

Similarly, the following prompt is displayed in SQL profiler:

 

In this way, it is clear that you can add a comment containing keywords in the SQL statement you want to protect!

Address: http://www.cnblogs.com/sjcatsoft/archive/2010/01/21/1653152.html