PL/SQL Wrap Utility and DBMS_DDL.WRAP Function to Encrypt your PL/SQL Code
Oracle Account Receivables Concurrent Programs CONCURRENT PROGRAM SHORT CODE CONCURRENT PROGRAM NAME ARCABP Cash Application Batch Posting ARXCER Collection.
Often developers want to wrap their code to prevent the misuse of their code and also sometimes they don’t want to expose their algorithm to the world. For such cases Oracle has come up with a utility called ‘wrap utility’ (wrap.exe) which provides a way for PL/SQL developers to protect their intellectual property by making their PL/SQL code unreadable. These encryption options have long been available for other programming languages and were introduced for PL/SQL in version 7.
The wrap utility takes a readable, ASCII text file as input and converts it to a file containing byte code. The result is that the DBA, developers or anyone with database access cannot view the source code in any readable format.
How to run?
To run the Wrap Utility, enter the wrap command at your operating system prompt using the following syntax:
wrap iname=input_file [oname=output_file]
Where
- iname – The name of the unencrypted PL/SQL file to be used as input (your source file).
- oname – The name of the output file. This file will be encrypted.
Note:
- Leave no space around the equal signs because spaces delimit individual arguments.
- The wrap command requires only one argument, which is iname=input_file where input_file is the name of the Wrap Utility input file. You need not specify the file extension because it defaults to sql.
- However, you can specify a different file extension such as ‘wrap iname=/mydir/myfile.src’
- Optionally, the wrap command takes a second argument, which is oname=output_file where output_file is the name of the Wrap Utility output file. You need not specify the output file because its name defaults to that of the input file and its extension defaults to plb (PL/SQL binary).
- Generally, the output file is much larger than the input file.
- The input file can contain any combination of SQL statements. However, the Wrap Utility encrypts only the CREATE statements, which define subprograms, packages, or object types.
- If your input file contains syntax errors, the Wrap Utility detects and reports them. However, the Wrap Utility cannot detect semantic errors because it does not resolve external references.
To test the Wrap Utility, let’s first create a procedure (test_wrap_proc.sql)
Then go to the command prompt and run the Wrap Utility as shown below.
It will create an encrypted file (test_wrap_proc.plb) as shown below.
To run and view the results of this encrypted file, go to SQL*Plus and compile the procedure.
Oracle has given few Guidelines for Wrapping as below:
- Wrap only the body of a package or object type, not the specification. This allows other developers to see the information they must use the package or type, but prevents them from seeing its implementation.
- Wrap code only after you have finished editing it. You cannot edit PL/SQL source code inside wrapped files. Either wrap your code after it is ready to ship to users or include the wrapping operation as part of your build environment. To change wrapped PL/SQL code, edit the original source file and then wrap it again.
- Before distributing a wrapped file, view it in a text editor to be sure that all important parts are wrapped.
There are few Limitations also:
- Wrapping is not a secure method for hiding passwords or table names.
- Wrapping does not hide the source code for triggers. To hide the workings of a trigger, write a one-line trigger that invokes a wrapped subprogram.
- Wrapping does not detect syntax or semantic errors.
- Wrapped PL/SQL units are upward-compatible between Oracle Database releases, but are not downward-compatible. For example, you can load files processed by the V8.1.5
wrap
utility into a V8.1.6 Oracle Database, but you cannot load files processed by the V8.1.6wrap
utility into a V8.1.5 Oracle Database.
Using DBMS_DDL for Obfuscation:
In prior releases you have been able to use the wrap utility to obfuscate code. However any program unit created dynamically by using EXECUTE IMMEDIATE or DBMS_SQL is not automatically wrapped. This need has been satisfied in the Oracle10gR2.
The DBMS_DDL package contains the WRAP and CREATE_WRAPPED methods for obfuscating a single PL/SQL unit that can only be a package specification, package body, function, procedure, type specification, or type body.
The wrap functions provide a mechanism for obfuscating dynamically generated PL/SQL program units that are created in a database.
Benefits of Dynamic Obfuscation:
Added security to dynamically generated code.
- Ability to create wrapped code without compiling the program unit
- Ability to create obfuscated program units on the fly using end-user specification
Use the overloaded WRAP function with EXECUTE IMMEDIATE to create the wrapped code, as the following example illustrates:
To see the wrapped procedure, select the text from the USER_SOURCE view.
Now the million dollar question is– Can we unwrap a PL/SQL Code?
Please note: there is no legal way to unwrap a *.plb binary file (as said by Oracle). You are supposed to backup and keep your source files after wrapping them. However this world is filled with lots of skilled hackers and it is not impossible to unwrap PL/SQL Code. If you are more interested, you can check out the below links which contain very interesting discussion about this topic.
- MOS Note: Wrap Utility – Unwrap PL/SQL Code? [ID 376303.1]
Oracle® Database PL/SQL Language Reference 11g Release 1 (11.1)
If(window.mw){ mw.loader.implement('user.options',function($){mw.user.options.set({'ccmeonemails':0,'cols':80,'date':'default','diffonly':0,'disablemail':0,'disablesuggest':0,'editfont':'default','editondblclick':0,'editor':2,'editsection':1,'editsectiononrightclick':0,'enotifdiscussionsfollows':1,'enotifdiscussionsvotes':1,'enotifminoredits':1,'enotifrevealaddr':0,'enotifusertalkpages':1,'enotifwatchlistpages':1,'extendwatchlist':0,'externaldiff':0,'externaleditor':0,'forceeditsummary':0,'hideminor':0,'hidepatrolled':0,'highlightbroken':1,'htmlemails':1,'imagesize':1,'justify':0,'math'. Kotor save game editor.
Thanks
Dibyajyoti Koch
PL/SQL User's Guide and Reference | Library | Product | Contents | Index |
Advantages of Wrapping
The PL/SQL Wrapper converts PL/SQL source code into an intermediate form of object code. By hiding application internals, the Wrapper prevents- misuse of your application by other developers
- exposure of your algorithms to business competitors
- platform independence--you need not deliver multiple versions of the same compilation unit
- dynamic loading--users need not shut down and relink to add a new feature
- dynamic binding--external references are resolved at load time
- strict dependency checking--invalidated program units are recompiled automatically
- normal importing and exporting--the Import/Export utility accepts wrapped files
Running the PL/SQL Wrapper
To run the PL/SQL Wrapper, enter the WRAP command at your system prompt using the following syntax: You can use uppercase or lowercase. Leave no space around the equal signs because spaces delimit individual arguments.
The WRAP command requires only one argument, which is
where input_file is the path and name of the Wrapper input file. You need not specify the file extension because it defaults to sql. For example, the following commands are equivalent:
However, you can specify a different file extension as the following example shows:
They released two albums in the 1970’s “Black Merda” (Chess 1970) and “Long Burn The Fire” (GRT 1972) which weren’t properly promoted when first released, but are now seen as Black Rock classics by a growing number of international music fans. Their 2005 release “The Folks From Mothers Mixer” (Funky Delicacies 2005) containing both of 1970s albums on one CD, is lauded as the most creative, lyrically and musically diverse albums of that genre. Black merda long burn the fire. Black Merda anticipates the grim consciousness-raising session of Sly & the Family Stone‘s There’s a Riot Goin’ On, which wouldn’t arrive in stores until a year after this album, and if it isn’t the stark masterpiece that Sly’s album was, it’s good enough that this group deserves to be regarded as much more than a footnote in the black music scene of the early ’70s. Black Merda (Pronounced Black Murder), the first all black rock band to write and play their own music in the late 1960s and early 1970s, are considered to be Black Rock pioneers as well as the originators of their own style of Black Psychedelic Rock.
Optionally, the WRAP command takes a second argument, which is
where output_file is the path and name of the Wrapper output file. You need not specify the output file because its name defaults to that of the input file and its extension defaults to plb (PL/SQL binary). For example, the following commands are equivalent:
However, you can use the option ONAME to specify a different file name and extension, as the following example shows:
Input and Output Files
The input file can contain any combination of SQL statements. However, the PL/SQL Wrapper wraps only the following CREATE statements, which define PL/SQL packages and standalone subprograms:- CREATE [OR REPLACE] PACKAGE
- CREATE [OR REPLACE] PACKAGE BODY
- CREATE [OR REPLACE] FUNCTION
- CREATE [OR REPLACE] PROCEDURE
A wrapped package or subprogram definition has the form
where header begins with the reserved word CREATE and ends with the name of the package or subprogram, and body is an intermediate form of object code that looks like a random sequence of characters. The keyword WRAPPED tells the PL/SQL compiler that the package or subprogram is wrapped.
The header can contain comments. For example, the Wrapper converts
into
Generally, the output file is much larger than the input file.
Error Detection
If your input file contains syntactic errors, the PL/SQL Wrapper detects and reports them. However, the Wrapper cannot detect semantic errors because it does not resolve external references. That is done at compile time. So, only the PL/SQL compiler can detect semantic errors.Copyright © 1996 Oracle Corporation. All Rights Reserved. | Library | Product | Contents | Index |