Can I encrypt CMD scripts so that they aren't readable but are still executable?
We have a number of CMD scripts that pass login credentials to either Microsoft SQL or remote client (rclient) to control operations on other servers. Is there a way to encrypt or encode these files so that they are not readable, but are still executable? We are running NT4 and 2000.
There are several possible approaches to this problem, including using the Data Protection API (DPAPI) to encrypt the connection string portion that holds the user credentials, using the network security identify of the user (using the Trusted Connection or Integrated Security attribute), storing credentials in a configuration file (don't do so in clear text) and securing the communication channel using IPSec or SSL. An excellent discussion on the methods available for securing connection strings for MS SQL Server is available in the Data access security chapter
of the Building Secure ASP.NET applications
. Several of these methods require the use of ASP.NET but others may be suitable in your circumstances.
By the way, I strongly recommend the entire document for every MS SQL Server administrator, programmer and even Windows administrators who work with Web and database applications. It's a total of 600 pages packed with security information and addresses real world scenarios.
I'm sorry I cannot direct you to "rclient" resources of the same caliber.
This was first published in April 2003