Thursday, August 5, 2010

Protect the Code at Source

PL/SQL program units often contain very sensitive and confidential information about company procedures and trade secrets, which makes them a protected entity group, similar to tables. To prevent unauthorized viewing of the source code, the programs are often obfuscated using the wrap command line utility. You can invoke wrap only after the PL/SQL script is created; the utility creates a wrapped file from the input clear text. Thankfully, Oracle Database 10g Release 2 provides a supplied package that you can use to create the code in a wrapped format.

For instance, imagine that you want to create the simple procedure  P in wrapped format.

scott@10GR2> create or replace procedure P
  2  as
  3  begin
  4    dbms_output.put_line('who called me');
  5  end;
  6  /

Procedure created.

Inside the PL/SQL unit, you can create it dynamically but in wrapped format with:


scott@10GR2> begin
  2     dbms_ddl.create_wrapped (' create or replace procedure p as begin
  3      dbms_output.put_line ('' who called me '' );
  4  end; ');
  5  end;
  6  /

PL/SQL procedure successfully completed.

Elapsed: 00:00:00.09


 The first line, procedure P wrapped, is confirmation that the procedure was created in wrapped manner.
 
scott@10GR2> SELECT text
  2  FROM USER_SOURCE
  3  where name ='P'
  4  /

TEXT
-------------------------------------------------------------------------------------
procedure p wrapped
a000000
b2
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
4a 85
zfdZ1Dj9NsdN+BFxsAr247WXAjUwg5nnm7+fMr2ywFwWabh0K7jAMv7Shgmm4R9Jmo8wtVDI
qVAvAMpK/gjSx1xQaeoWcoXqWtxH+qEuzIUuXGnqUKCLwIHHLStwpqbBOLbP


Elapsed: 00:00:00.04

scott@10GR2> exec p;
 who called me

PL/SQL procedure successfully completed.

Elapsed: 00:00:00.00

No comments:

Post a Comment