How can I make my SQL statements not appear in Profiler? They contain sensitive information and I don't want them to show in Profiler.
Thanks for the replies!
The profiler can only be run by someone with proper rights, so if your installation is properly secured you should be fine (no users should be able to profile your application). This goes beyond security, since profiler slows down the server considerably.
There is no way. The "text" column in profiler can not be removed from use.
You need rights to run profiler (sysadmin or GRANT ALTER TRACE) so it's not an implicit right.
Note:
- sysadmins could decrypt stored procs or add logging code, regardless of whether they run profiler
- physical access needs controlled, at least to stop someone taking a copy of the database away
- things like sp_password or ALTER LOGIN are not traced anyway
Only way I can think of to do this would be to make them stored procedures (The profiler would only show the call), but if the arguments are what's secure (which is likely) then that won't help you (Edit: As pointed out in comments you can change the config of the profiler to include this anyway, so this won't help much)
Have you considered not giving access to people not allowed to view the data? Access to run the profiler is a pretty high level of access...
Also, have you considered hashing your data before storing/querying it? Sometimes that won't work, but if we're talking passwords then they really should be stored and looked up in an encrypted form anyway.
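The hashing suggestion above, as an added example that is not part of the original answers: the application derives a salted PBKDF2 hash itself, so whatever statement text a trace captures carries only the salt and the hash. SQLite's trace callback stands in for Profiler here, and the table, function names and sample password are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor; tune for your hardware


def derive(password: str, salt: bytes) -> bytes:
    """Derive the value that is stored and compared instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def open_traced_db():
    """In-memory database whose trace callback records every statement text."""
    trace = []
    db = sqlite3.connect(":memory:")
    db.set_trace_callback(trace.append)  # stand-in for Profiler's text column
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db, trace


def register(db, name: str, password: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, derive(password, salt)))


def verify(db, name: str, password: str) -> bool:
    # Only the user name goes to the server; the comparison happens in the app.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(stored, derive(password, salt))


def demo():
    db, trace = open_traced_db()
    secret = "constructed-Passw0rd!"  # constructed sample value
    register(db, "alice", secret)
    ok = verify(db, "alice", secret)
    bad = verify(db, "alice", "wrong guess")
    leaked = any(secret in line for line in trace)
    return ok, bad, leaked, trace


if __name__ == "__main__":
    print(demo()[:3])
```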
I've noticed if you use the encryption functions built into SQL (written about at https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/sql-server-encryption?view=sql-server-ver15) like ENCRYPTBYPASSPHRASE, the text is not shown in profiler - I'm not sure if this is 100% foolproof but it does fit the question.
Example...