Find hard coded strings in SQL: can it be done programatically?

By Locrian_Lyric ·
The problem:

Company was bought out and we are bringing everything into complience. Passwords are not secure and do not need to be.(required by software we are using)

Old passwords *may or may not have been hard coded* in SQL SERVER database to validate (each account was setup with the same generic password).

Need to check each proc or function for presense of hard-coded password.

We have hundreds of functions that may or may not have this hard coded password.

Is there a way to cycle through each proc and function to search for the presence of the password, either through SQL or an app to hit SQL server?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Couple of Links

by robo_dev In reply to Find hard coded strings i ...

Maybe the 'Vulnerability Scanning script' would help?

Maybe a general SQL security vuln tester would catch these???

Apex claims to be able to do that:

Collapse -

Well you can, access the procs in the meta data

by Tony Hopkinson In reply to Find hard coded strings i ...

But probably the easiest way is just to script the database schema to file and them parse through it in text.

Collapse -


by Locrian_Lyric In reply to Find hard coded strings i ...

you both get a thumbs up from me!

Related Discussions

Related Forums