Find signed procedures, functions, triggers, and assemblies, and which certificates / asymmetric keys signed them

Sol*_*zky 4 sql-server permissions signature certificate

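I have created several certificates (via CREATE CERTIFICATE) and asymmetric keys (via CREATE ASYMMETRIC KEY) and used them to sign and counter-sign various stored procedures, user-defined functions (UDFs), triggers, and assemblies (via ADD SIGNATURE). But now I need to find which certificates and/or asymmetric keys have been used to sign which particular modules.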

Sol*_*zky 5

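The easiest way appears to be using the sys.crypt_properties catalog view, which holds the relationship between certificates / asymmetric keys and the signed modules, as well as the usage (i.e. signature or counter-signature). There are a few other ways to find which modules are signed, but none of them seems to indicate signature vs. counter-signature.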

SELECT SCHEMA_NAME(so.[schema_id]) AS [SchemaName],
       so.[name] AS [ObjectName],
       so.[type_desc] AS [ObjectType],
       ---
       scp.crypt_type_desc AS [SignatureType],
       ISNULL(sc.[name], sak.[name]) AS [CertOrAsymKeyName],
       ---
       scp.thumbprint
FROM sys.crypt_properties scp
INNER JOIN sys.objects so
        ON so.[object_id] = scp.[major_id]
LEFT JOIN sys.certificates sc
        ON sc.thumbprint = scp.thumbprint
LEFT JOIN sys.asymmetric_keys sak
        ON sak.thumbprint = scp.thumbprint
WHERE   so.[type] <> 'U'
ORDER BY [SchemaName], [ObjectType], [ObjectName], [CertOrAsymKeyName];

In my test database, this query returns the following:

Schema  ObjectName     ObjectType            SignatureType                        CertOrAsymKeyName  thumbprint
------  ----------     ----------            -------------                        -----------------  ----------
dbo     fnPaymentCalc  SQL_SCALAR_FUNCTION   COUNTER SIGNATURE BY ASYMMETRIC KEY  KeyTest1           0x2333B2FA6AA8004E
dbo     ModuleTest2    SQL_STORED_PROCEDURE  SIGNATURE BY CERTIFICATE             CrossDatabaseCert  0x49BA174584C78C878D923690C15898A809CBACDF
dbo     TestSig        SQL_STORED_PROCEDURE  SIGNATURE BY CERTIFICATE             bob                0x778B3DB4ED981FC27AB301ACE7A1AB8424F64792
dbo     TestSig        SQL_STORED_PROCEDURE  SIGNATURE BY ASYMMETRIC KEY          KeyTest1           0x2333B2FA6AA8004E
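An added example, not part of the original answer: a variant of the query above for auditing signatures, which goes beyond it by also returning signed assemblies (these are not rows in sys.objects, so the INNER JOIN above drops them), the state of each signing key's private key, and the database user created from that certificate or key, if any. It assumes the documented sys.crypt_properties class values (1 = object or column, 5 = assembly) and that a user created from a certificate or asymmetric key shares its sid.

```sql
-- Added example, not from the original answer.
-- Assumes the documented sys.crypt_properties.class values:
--   1 = object or column, 5 = assembly.
SELECT scp.class_desc AS [EntityClass],
       SCHEMA_NAME(so.[schema_id]) AS [SchemaName],
       ISNULL(so.[name], sa.[name]) AS [EntityName],
       ISNULL(so.[type_desc], N'ASSEMBLY') AS [EntityType],
       scp.crypt_type_desc AS [SignatureType],
       ISNULL(sc.[name], sak.[name]) AS [CertOrAsymKeyName],
       -- NO_PRIVATE_KEY: the key cannot produce new signatures
       -- in this database until its private key is restored.
       ISNULL(sc.pvt_key_encryption_type_desc,
              sak.pvt_key_encryption_type_desc) AS [PrivateKeyState],
       -- User created FROM CERTIFICATE / FROM ASYMMETRIC KEY, if any;
       -- permissions granted to it flow to the signed module.
       dp.[name] AS [MappedUser],
       scp.thumbprint
FROM sys.crypt_properties scp
LEFT JOIN sys.objects so
        ON scp.[class] = 1
       AND so.[object_id] = scp.[major_id]
LEFT JOIN sys.assemblies sa
        ON scp.[class] = 5
       AND sa.[assembly_id] = scp.[major_id]
LEFT JOIN sys.certificates sc
        ON sc.thumbprint = scp.thumbprint
LEFT JOIN sys.asymmetric_keys sak
        ON sak.thumbprint = scp.thumbprint
LEFT JOIN sys.database_principals dp
        ON dp.[sid] = ISNULL(sc.[sid], sak.[sid])
       AND dp.[type] IN ('C', 'K')  -- certificate- / key-mapped users
WHERE   scp.[class] = 5
   OR   so.[type] <> 'U'            -- same table exclusion as above
ORDER BY [EntityClass], [SchemaName], [EntityType], [EntityName],
         [CertOrAsymKeyName];
```

Run it in each database of interest. Logins created from certificates or asymmetric keys live in master and are not shown by this database-level query.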