Tyler Muth’s Blog

Technology with a focus on Oracle, Application Express and Linux

Wrap and compile in one step

Posted by Tyler Muth on September 14, 2007

The PL/SQL wrap utility is a great way to obfuscate code that you do not want anyone to view. Typically this is used for security functions Virtual Private Database and Fine Grained Auditing policies, encryption and hashing functions, and authentication and authorization procedures. The source of unwrapped code can easily be retrieved from the ALL_SOURCE view or almost any IDE that connects to the database.

Prior to 10g, you needed to use the command-line wrap binary located in $ORACLE_HOME/bin. This was a 2 step process, requiring you to first wrap the code from the shell, then compile it using SQL*Plus. 10g introduced the DBMS_DDL package, allowing you to wrap code from within PL/SQL and compile it in one step. This means you don’t need to be on a machine where Oracle is installed, allowing you to use other tools such as APEX and SQL Developer to wrap your code.

Here’s a quick example:

-- Run the following grant as sys:
-- grant execute on dbms_ddl to demo;
declare
  l_function    varchar2(32767);
begin
  l_function := q'!
    create or replace function wrap_test
      return varchar2
    is
    begin
       return 'Yep, it worked';
    end wrap_test; !';
  -- Toggle the comments on the following 2 lines to toggle wrapped / not wrapped
  -- execute immediate l_function;
  sys.dbms_ddl.create_wrapped(l_function);
end;
/

Here’s a screenshot of the wrapped source code in SQL Developer:
Wrapped Code

References:

2 Responses to “Wrap and compile in one step”

  1. Phil said

    Hi Tyler
    You gave me an APEX demo several years ago and I’ve been using it professionally ever since. Big pain with 10g and wrap for me in that I can upload a script and a package will compile fine but if I do it via the installation route it fails (Bug 6651232). This solution does not help me as I could create packages and then immediately wrap them but someone with a little APEX knowledge could then go into the supporting objects and view the unwrapped packages. Is there anyway this can be prevented in APEX 3 or 3.1?
    Phil

  2. It’s the first time I comment here and I should say that you provide us genuine, and quality information for bloggers! Good job.
    p.s. You have a very good template for your blog. Where have you got it from?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: