Many moons ago when I was working on a 9i database, I encountered an issue where my information wasn't completely obfuscated. I had a package that was performing some encryption, and I wanted to ensure the seed to my encryption method was hidden. Take the following example:
create or replace procedure seeder is vc varchar2(20) := 'This string';begin null;end;/I would expect this information to be wrapped, just like the rest of my code.
exec DBMS_DDL.CREATE_WRAPPED(dbms_metadata.get_ddl(object_type => 'PROCEDURE', name => 'SEEDER'));select dbms_metadata.get_ddl('PROCEDURE' ,'SEEDER') from dual;DBMS_METADATA.GET_DDL('PROCEDURE','SEEDER')--------------------------------------------------------------------------------CREATE OR REPLACE PROCEDURE "SAGE"."SEEDER" wrappeda000000b2abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd74f 92t5QJKAdccmuGzbpujO65PNpHmLQwg5nnm7+fMr2ywFxpnp8yMlKyCQmldIsJaefHK+fHdMAzuHRlJXxlUMNLwlxpKPqFVisW0T6XRwzqxIvAwDL+0h3l0pmBCC2LwIHHLYsJcKamqIi2Mg==1 row selected. So it seems that the algorithm has improved and being able to "see" strings in the wrapped code is no longer a problem.
Once again another demonstration of how "known knowns" can change over time, and you must always test behaviour on your version; your infrastructure.
Source: http://www.grassroots-oracle.com/2009/10/on-wrapping-obfuscating-plsql.html
Không có nhận xét nào:
Đăng nhận xét