因项目管理规定,所有的存储程式(SP)都需要加密。
如何批量加密所有的SP呢?
在网上找到了参考的代码,然后发现除SP外连同View,Trigger,Function等也可以一并处理!
参考资料: https://download.csdn.net/download/xiaojie449/12171480
如下是在原作基础上略作补充的方法:
create procedure sp_EncryptObject
(@Object sysname='All'
)
as
/*当@Object=All的时候,对所有的函数,存储过程,视图和触发器进行加密调用方法:1. Execute sp_EncryptObject 'All'2. Execute sp_EncryptObject 'ObjectName'
*/
beginset nocount onif @Object <>'All'beginif not exists(select 1 from sys.objects a where a.object_id=object_id(@Object) And a.type in('P','V','TR','FN','IF','TF'))begin--SQL Server 2008--raiserror 50001 N'无效的加密对象!加密对象必须是函数,存储过程,视图或触发器。'--SQL Server 2012--throw 50001, N'无效的加密对象!加密对象必须是函数,存储过程,视图或触发器。',1 --SQL Server 2016raiserror ('无效的加密对象!加密对象必须是函数,存储过程,视图或触发器。',16,1)returnendif exists(select 1 from sys.sql_modules a where a.object_id=object_id(@Object) and a.definition is null)begin--SQL Server 2008--raiserror 50001 N'对象已经加密!'--SQL Server 2012--throw 50001, N'对象已经加密!',1 --SQL Server 2016raiserror ('无效的加密对象!加密对象必须是函数,存储过程,视图或触发器。',16,1)returnendenddeclare @sql nvarchar(max),@C1 nchar(1),@C2 nchar(1),@type nvarchar(50),@Replace nvarchar(50)set @C1=nchar(13)set @C2=nchar(10)declare cur_Object cursor for select object_name(a.object_id) As ObjectName,a.definition from sys.sql_modules a inner join sys.objects b on b.object_id=a.object_idand b.is_ms_shipped=0and not exists(select 1 from sys.extended_properties xwhere x.major_id=b.object_idand x.minor_id=0and x.class=1and x.name='microsoft_database_tools_support')where b.type in('P','V','TR','FN','IF','TF')and (b.name=@Object or @Object='All')--and ( b.name like'%abc_%' or b.name like'%_20240820%' )and b.name <>'sp_EncryptObject'and a.definition is not null order by Case when b.type ='V' then 1 when b.type ='TR' then 2when b.type in('FN','IF','TF') then 3 else 4 end,b.create_date,b.object_idopen cur_Objectfetch next from cur_Object into @Object,@sqlwhile @@fetch_status=0beginBegin Try if objectproperty(object_id(@Object),'ExecIsAfterTrigger')=0 set @Replace='As' ; else set @Replace='For ';if (patindex('%'+@C1+@C2+@Replace+@C1+@C2+'%',@sql)>0)beginset @sql=Replace(@sql,@C1+@C2+@Replace+@C1+@C2,@C1+@C2+'With Encryption'+@C1+@C2+@Replace+@C1+@C2)endelse if(patindex('%'+@C1+@Replace+@C1+'%',@sql)>0)begin set @sql=Replace(@sql,@C1+@Replace+@C1,@C1+'With Encryption'+@C1+@Replace+@C1)endelse if(patindex('%'+@C2+@Replace+@C2+'%',@sql)>0)begin set @sql=Replace(@sql,@C2+@Replace+@C2,@C2+'With Encryption'+@C2+@Replace+@C2)endelse if(patindex('%'+@C2+@Replace+@C1+'%',@sql)>0)begin set @sql=Replace(@sql,@C2+@Replace+@C1,@C1+'With Encryption'+@C2+@Replace+@C1)endelse if(patindex('%'+@C1+@C2+@Replace+'%',@sql)>0)begin set @sql=Replace(@sql,@C1+@C2+@Replace,@C1+@C2+'With Encryption'+@C1+@C2+@Replace)endelse if(patindex('%'+@C1+@Replace+'%',@sql)>0)begin set @sql=Replace(@sql,@C1+@Replace,@C1+'With Encryption'+@C1+@Replace)endelse if(patindex('%'+@C2+@Replace+'%',@sql)>0)begin set @sql=Replace(@sql,@C2+@Replace,@C2+'With Encryption'+@C2+@Replace)endset @type =case when object_id(@Object,'P')>0 then 'Proc'when object_id(@Object,'V')>0 then 'View'when object_id(@Object,'TR')>0 then 'Trigger'when object_id(@Object,'FN')>0 or object_id(@Object,'IF')>0 or object_id(@Object,'TF')>0 then 'Function'endset @sql=Replace(@sql,'Create '+@type,'Alter '+@type)Begin Transactionexec(@sql) print N'已完成加密对象('+@type+'):'+@Object Commit TransactionEnd TryBegin CatchDeclare @Error nvarchar(2047)Set @Error='Object: '+@Object+@C1+@C2+'Error: '+Error_message()Rollback Transaction print @Errorprint @sql End Catchfetch next from cur_Object into @Object,@sqlendclose cur_Objectdeallocate cur_Object
endGo
exec sp_ms_marksystemobject 'sp_EncryptObject' --标识为系统对象
go2022.08.22补充:
亲测存在的bug
1. create proc 转换成 alter proc 时会检查中间的空格,所以不一定能加密成功
2.数据库中存在_back命名的程式会被识别成备份还原,所以跑完会覆盖原有程式(此处风险极大)
p.s.针对此项,扑救方式是检查一定时间内数据库实际异动的程式,根据捞出来的OBJECT还原那些确定不该被动到的程式。(但其实更好的方法还是优化上面那段加密的代码)
select Name as object_name,typefrom sys.objects (nolock)where --convert(varchar(20),modify_date,111)='2024/08/23' --异动日期
convert(varchar(20),modify_date,120)>='2024/08/23 20:00' --精确到时间
--and type in('P','V','TR','FN','IF','TF') --C = CHECK 约束 D = 默认值或 DEFAULT 约束 F = FOREIGN KEY 约束 FN = 标量函数 IF = 内嵌表函数 K = PRIMARY KEY 或 UNIQUE 约束 L = 日志 P = 存储过程 R = 规则 RF = 复制筛选存储过程 S = 系统表 TF = 表函数 TR = 触发器 U = 用户表 V = 视图 X = 扩展存储过程
and type not in('C','D','U')
AND RIGHT(NAME,4) NOT LIKE 'TEST' --排除最后是TEST结尾的测试程式
AND ISNUMERIC(RIGHT(NAME,8))=0 --排除最后是日期结尾的备份程式
and SCHEMA_ID=1
--AND LEFT(NAME,3)=''--获取三个字母开头的系统模组参考资料:
SQL Server系统表sysobjects介绍与使用
SQL SERVER中的sys.objects和sysobjects的区别_sys.objects sysobjects-CSDN博客
0823)
)
)
)
住部分网络)