Scan entire DB programmatically

958 views Asked by At

I have recently inherited a set of very large SQL Server databases. the application and database schema are a mess. I have run across a few fields in the database that store different types of sensitive data, where they should not be stored. since there are almost 10,000 tables in my database, I am in desperate need of a way to programmatically scan a few of these databases to find out where the data is. I realize this will be very resource intensive, so I have setup a server specifically to run a scan on backups of the databases.

I also have zero dollars for purchasing any tools.

Does anyone know of a way with C# and SQL that I can scan all user tables in the database for sensitive data?

an example of scanning for one type of data (eg. SSN) would be extremely helpful. I confident that I can extrapolate that into all the scenarios I would need.

4

There are 4 answers

0
AudioBubble On BEST ANSWER

this sql will list all user tables and row counts in a database. It will be a starting point..

SELECT o.name,
  ddps.row_count 
FROM sys.indexes AS i
  INNER JOIN sys.objects AS o ON i.OBJECT_ID = o.OBJECT_ID
  INNER JOIN sys.dm_db_partition_stats AS ddps ON i.OBJECT_ID = ddps.OBJECT_ID
  AND i.index_id = ddps.index_id 
WHERE i.index_id < 2  AND o.is_ms_shipped = 0 ORDER BY o.NAME 

Hth, O

0
bhupendra patel On

This query will help you to find the column with particular name and datatype

SELECT t.name AS table_name,
    SCHEMA_NAME(t.schema_id) AS schema_name,
    c.name AS column_name ,tp.name
FROM sys.tables AS t
INNER JOIN sys.columns c ON t.OBJECT_ID = c.OBJECT_ID
INNER JOIN sys.types tp ON tp.user_type_id=c.user_type_id
WHERE c.name LIKE '%Product%' AND tp.name LIKE '%int%'
ORDER BY schema_name, table_name;
0
rageit On

This might be irrelevant at this point of time but shall serve as an additional note: You can use Information Schema Views to query the database objects which comply with the ISO standard definition for the INFORMATION_SCHEMA.

MSDN LINK

0
Lucia Belardinelli On

If you can open the DB into Microsoft SQL Server Managment Studio, you can try to use ApexSQL . It's a plugin that can be downloaded from here:

http://www.apexsql.com/sql_tools_search.aspx

For example: you select the database and you can look for a column name. It will show you all tables in which you have that column. Hope it helps.