1

I'm profiling a database just now and need to see the UPDATE and INSERT statements being executed on a particular table.

However, because the table has a 'Password' column the SQL Profiler is being understandingly cautious and replacing the TextData column with:

-- 'password' was found in the text of this event.
-- The text has been replaced with this comment for security reasons.

How do I prevent it doing this because I need to see the SQL statement being executed?

Kev
  • 7,877
  • 18
  • 81
  • 108

1 Answers1

1
  1. Revert to sql server 2000 sp3
  2. Upgrade to sql server 2005
  3. Use this hack which PATCHES sqlservr.exe & definitely not supported by microsoft.
Nick Kavadias
  • 10,796
  • 7
  • 37
  • 47
  • Oh joy. This is a production box and the bug I'm trying to trace only happens in production. Thanks anyway. – Kev May 26 '10 at 16:01
  • your only alternative is to rename any reference to password (or other bad words) in the call – Nick Kavadias May 26 '10 at 16:03
  • Yeah...Sadly there's no chance of doing that. The column is used all over the sodding place. Talk about security through obscurity. That's one of the worst approaches to solving a [non-]problem I've ever seen. I could go on..... :) – Kev May 26 '10 at 16:11
  • you're not the only one that thinks this: http://www.devproconnections.com/article/database-development/A-Classic-Security-Challenge-SQL-Profiler-and-Password-Text.aspx – Nick Kavadias May 26 '10 at 16:13
  • added your other option... hahaha – Nick Kavadias May 26 '10 at 16:17
  • LOL....I wish :) – Kev May 26 '10 at 18:49
  • We finally migrated off the db's on this box to a new Windows 2008/SQL 2008 R2 environment (its been in the pipeline for a while, this profiler issue bumped things along a bit), so problem solved. I can't believe MS don't have an official hotfix to undo that daft idea. – Kev Jul 05 '10 at 01:10