Ask the Expert

Can I encrypt CMD scripts so that they aren't readable but are still executable?

We have a number of CMD scripts that pass login credentials to either Microsoft SQL or remote client (rclient) to control operations on other servers. Is there a way to encrypt or encode these files so that they are not readable, but are still executable? We are running NT4 and 2000.
There are several possible approaches to this problem, including using the Data Protection API (DPAPI) to encrypt the connection string portion that holds the user credentials, using the network security identify of the user (using the Trusted Connection or Integrated Security attribute), storing credentials in a configuration file (don't do so in clear text) and securing the communication channel using IPSec or SSL. An excellent discussion on the methods available for securing connection strings for MS SQL Server is available in the Data access security chapter of the Building Secure ASP.NET applications. Several of these methods require the use of ASP.NET but others may be suitable in your circumstances.

By the way, I strongly recommend the entire document for every MS SQL Server administrator, programmer and even Windows administrators who work with Web and database applications. It's a total of 600 pages packed with security information and addresses real world scenarios.

I'm sorry I cannot direct you to "rclient" resources of the same caliber.

This was first published in April 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: