Question

Locked

Find hard coded strings in SQL: can it be done programatically?

By Locrian_Lyric ·
The problem:

Company was bought out and we are bringing everything into complience. Passwords are not secure and do not need to be.(required by software we are using)

Old passwords *may or may not have been hard coded* in SQL SERVER database to validate (each account was setup with the same generic password).

Need to check each proc or function for presense of hard-coded password.

We have hundreds of functions that may or may not have this hard coded password.

Is there a way to cycle through each proc and function to search for the presence of the password, either through SQL or an app to hit SQL server?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Couple of Links

by robo_dev In reply to Find hard coded strings i ...

Maybe the 'Vulnerability Scanning script' would help?
http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx

Maybe a general SQL security vuln tester would catch these???
http://www.sql-server-performance.com/software/security_reviews.aspx

Apex claims to be able to do that:
http://www.apexsql.com/

Collapse -

Well you can, access the procs in the meta data

by Tony Hopkinson In reply to Find hard coded strings i ...

But probably the easiest way is just to script the database schema to file and them parse through it in text.

Collapse -

Thanks!

by Locrian_Lyric In reply to Find hard coded strings i ...

you both get a thumbs up from me!

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Forums