Oracle comes with its very own utility of encrypting a procedure/function or a package for that matter. This encryption is achieved using the wrap utility from $ORACLE_HOME/bin. Wrap takes two arguments 'iname' and 'oname'.
iname - name of the input file name
oname - name of the output file name.
Although 'oname' is optional, however it is a good practice to include 'oname' in the command to give a user defined output file name. If 'oname' is skipped, then the wrap utility creates the output file in the same name as that of the 'iname but with an extension of 'plb'.
Let us understand this more clearly with an example. Here is a procedure code in a file test_proc.txt which will be wrapped to obfuscate the code.
-------------------
--- test_proc.txt -
-------------------
create or replace procedure p1 as
a number;
b varchar2(20);
begin
select username into b from dba_users where username='SYSTEM';
dbms_output.put_line(chr(0));
dbms_output.put_line(b);
end;
/
The above script test_proc.txt will be wrapped without mentioning an output file, results in the creation of test_proc.plb file as shown below.
C:\Documents and Settings\oracle_and_unix\Desktop>wrap iname=test_proc.txt
PL/SQL Wrapper: Release 10.2.0.1.0- Production on Fri Mar 27 15:49:38 2009
Copyright (c) 1993, 2004, Oracle. All rights reserved.
Processing test_proc.txt to test_proc.plb
C:\Documents and Settings\oracle_and_unix\Desktop>
Below is example which uses the oname parameter of the wrap utility.
C:\Documents and Settings\oracle_and_unix\Desktop>wrap iname=test_proc.txt oname=proc.sql
PL/SQL Wrapper: Release 10.2.0.1.0- Production on Fri Mar 27 15:53:53 2009
Copyright (c) 1993, 2004, Oracle. All rights reserved.
Processing test_proc.txt to proc.sql
C:\Documents and Settings\oracle_and_unix\Desktop>
The script/file generated as the output of the wrap command could be used to run in the sql prompt which actually does the job of the original sql script. The contents of the wrapped file are only readable by the Oracle server which leaves the user only wonder about the junk found in the wrapped script.
Note : The contents of the wrapped script cannot be changed to make changes to the code. In order to do that, the original script has to be editted with the changes and generate a new wrapped script.
The contents of the test_proc.plb script is shown below to give you a glance of how the wrapped script looks like.
create or replace procedure p1 wrapped
a000000
b2
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
ac ce
izB2dE4cerXXikkhm/Ipr/ZX/L4wgzJHLcvhqC82afa84JjW1G6x05lvK6itj8KZq9U/r7Vk
2xUl4Bj6E0evPV59WaW8qbZpy/JyWn6UFWot0Ep47TvJn0WwUUafm7JFLx+cvQnelC9IcYI2
9YaZ4XJaTpt4RdGb8WBCLcVwp8wS2iPacl8AlCUiwofwOoxXN/JLsCjkc1a0
/
Most of the scripts/packaged scripts that are called in the catproc.sql script are already wrapped by oracle, so no expert DBA/Developer can meddle with them....I wish if there is any such wrapping at the UNIX operating system level to encrypt all
the shell scripts....(chuckles)
No comments:
Post a Comment