Oracle Stored Procedure Encryption

Oracle Stored Procedure encryption, as the name suggests, is the encryption of the Oracle stored procedure source code, so that others do not see your source code, to achieve the purpose of protection, of course, not everything is needed. Some projects may be used when they have high security requirements. Well, let's get started with this part of the journey. First, Oracle provides encryption methods-Wrap and DBMS_DDL. Of course, these two methods can not only encrypt stored procedures, but also encrypt functions, packages, and types, only encryption of stored procedures is explained here. Wrap encryption 1. usage: its usage is relatively simple, and encryption can be implemented by a command. The following command format is wrap iname = input_file [oname = output_file]. The following two methods are equivalent, my understanding is that you only need to specify the SQL statement in the file. By default, it will give the SQL suffix wrap iname =/mydir/myfilewrap iname =/mydir/myfile. SQL can be written like this. In fact, it only encrypts an SQL file. The stored procedure is encrypted, but the suffix is not the same as wrap iname =/mydir/myfile. src let's look at his output. The following two situations are also equivalent. In a timely manner, you will not specify what the output file is. You can also specify an output file for you. The second line is the same as the default one. Wrap iname =/mydir/myfilewrap iname =/mydir/myfile. SQL oname =/mydir/myfile. plb can also be written in this way. By default, It outputs the source file name with the extension of plb. If you want to execute the extension name of the output, you can also write it like this, I understand that the suffix is specified by you. Of course, as long as the encrypted file can be correctly parsed by Oracle, wrap iname =/mydir/myfile oname =/yourdir/yourfile. outnotes: If you get an encrypted SQL file and use command encryption again, the obtained file is actually the same as the original one. You can try again. Limits on Wrap: 1. This method is not very secure to encrypt password-like things. 2. encrypted files are relatively secure for general users, but they are also useless for professionals. 3. The trigger cannot be encrypted. 4. During the encryption process, Your syntax error will not be checked, but will be checked during compilation. 5. it is compatible with the Oracle version. For example, if it is a 8.1.5 encrypted file, you can run it on version 8.1.6, but it is an Oracle encrypted file of version 8.1.6, it cannot be run on 8.1.5. 6. only the following types can be encrypted, the anonymous block CREATE [or replace] FUNCTION function_nameCREATE [or replace] PROCEDURE encrypted [or replace] PACKAGE package_nameCREATE [or replace] package body package_nameCREATE [or replace] TYPE type_name as objectcreate [OR REPLACE] TYPE type_name UNDER type_nameCREATE [or replace] type body type_nameWrap procedure: whether in Linux or Oracle, ensure that the SQL plus command can run normally. That is, your Oracle environment must be installed.. In Windows, you can open the command window and enter the command in the preceding format. Wrap iname = wrap_test. SQL after the command is entered, PL/SQL Wrapper: Release 10.2.0.0.0 on Tue Apr 26 16:47:39 2005 Copyright (c) 1993,200 5, Oracle. all rights reserved. processing wrap_test. SQL to wrap_test.plb. For example, if I didn't specify the output file name, then he will create a pro1.plb file in my current directory. After opening the file, you can see: Execute the encrypted file SQL with Plsql> @ wrapped_file_name.plb; after opening the file, it is encrypted. At this time, you can only see the name of the stored procedure. Note that: if your original file contains comments, if the comments start with "--", that is, line comments, they will be deleted during encryption, if it is a C-language-like comment, it will not be deleted. Notes: It is parsed by PLSQL during insertion, so sqlplus statements cannot be inserted. DBMS_DDL Subprograms encryption DBMS_DDL includes the encryption stored procedure, function, type description, type body, and package description, package body. This subroutine provides the ability to dynamically generate PLSQL units. In fact, it is a WRAP function and a CREATE_WRAPPED stored procedure. Add the MALFORMED_WRAP_INPUT unit for exception handling. Here is an example: DECLARE package_text VARCHAR2 (32767); -- text for creating package spec & body FUNCTION generate_spec (pkgname VARCHAR2) RETURN VARCHAR2 as begin return 'create package' | pkgname | 'as procedure raise_salary (emp_id NUMBER, amount NUMBER); PROCEDURE fire_employee (emp_id NUMBER ); END '| pkgname |'; END generate_spec; FUNCTION generate_body (pkgname VARCHAR2) RETURN VARCHAR2 Begin return 'create PACKAGE body' | pkgname | 'as procedure raise_salary (emp_id NUMBER, amount NUMBER) is begin update employees SET salary = salary + amount WHERE employee_id = emp_id; END raise_salary; PROCEDURE fire_employee (emp_id NUMBER) is begin delete from employees WHERE employee_id = emp_id; END fire_employee; END '| pkgname |'; END generate_body; BEGIN -- Generate package s Pec package_text: = generate_spec ('emp_actions ') -- Create wrapped package spec partition (package_text); -- Generate package body package_text: = generate_body ('emp_actions '); -- Create wrapped package body DBMS_DDL.CREATE_WRAPPED (package_text); END;/-- Invoke procedure from wrapped packageCALL emp_actions.raise_salary (120,100 ); of course, when you call DBMS_DDL.CREATE_WRAPPED, you must make sure that your local storage process is not alive. You must add SYS. DBMS_DDL.WRAP or SYS. DBMS_DDL.CREATE_WRAPPED to the call. At this time, you must have the permission to execute these two stored procedures. After the encryption is complete, SELECT text FROM USER_SOURCE WHERE name = 'emp_actions '; TEXT --------------------------------------- ---PACKAGE emp_actions WRAPPEDa0000001fabcd... in this way, you can encrypt What You Want to encrypt. DBMS_DDL Subprograms restrictions: It is worth noting that when you call the DBMS_ SQL .PARSE function to parse the encrypted result of DBMS_DDL.WRAP, the incoming text exceeds 32767 bytes, you must set LFFLG to FALSE; otherwise, the parsing result of DBMS_ SQL .PARSE will be messy. So far, our entire journey is over. Things are not very deep, and they only involve encryption of stored procedures. Of course, and so on, if you use the encryption method of the stored procedure, you will also use other encryption methods. You know that this is enough. After all, not every project can use this knowledge point. The writing is messy, mainly because I can quickly find out and forget to use it later.