Protecting SQL script info?

[Ira Rainey]

I have and installer for one of my products (built using IA 6.5) which installs SQL 2005 Express SP2 (along with a bunch of other stuff obviously) and after that has gone on, runs several scripts against the server using the Alternate SQL Plugin. This all works fine, but obviously the scripts are then included in the build and could be accessed by extracting them from the setup (or of course in the case of an uncompressed directory stucture are freely available).

The problem here is that one of the jobs I carry out in one of the scripts is disabling the sa account and creating another login as a member of the sysadmin group. The server is set to use mixed authentication (Windows only isn't an option) and so the script contains the login password.

How can I protect this information?

One thought was to put the script into some .net code and compile it up into an exe which gets obfuscated and run it from there, but that's extra hassle.

What do other people do in terms of keeping SQL scripts secure?

Cheers.

Ira

[jimo]

There is no good way to do this.

I personsally don't use the plugins for scripts but rather write out the script and run sqlsmd or osql.exe to run the script then delete it.

[Ira Rainey]

Thanks jimo, that's one option I suppose. Although being pedantic the script would still be around even if only momentarily.

The other option I was looking at was encrypting the scripts using a private key and then writing an app to run them direct itself. That way all I need to do if I change the scripts is to re-encrypt them.

A nice addition to the Alternate SQL plugin though would be to be able to encrypt and decrypt scripts, or even as a new plugin. I briefly looked at writing one, but C++ or Delphi aren't my bag.