Re: Oracle code wrapping

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Tue, 26 Jul 2022 11:31:28 -0400
Message-ID: <e76b5c95-5908-98de-9290-9c0e7479402f_at_gmail.com>


On 7/25/22 10:59, Michael D O'Shea/Woodward Informatics Ltd wrote:
I just had a discussion with the development manager/tech lead of a large organisation. He manages a team of around 15 developers and QA staff for a single financial product. Client-side code is ASP.NET and a desktop thin client, and server-side it is Oracle 19c with a web service in-between in a few places.

Deployments are done weekly after UAT signoff of the prior development sprint the week before.

This chap was expressing his concerns about PSMs, specifically database packages, procedures, and functions, being constantly tampered with by DBAs and sysops, and not marrying up with the authoritative version of the codebase under source control. His argument was that the version of the code deployed, using automation tools, should be bit for bit compatible with the code retrieved from source control. It seems hard to argue with this perspective.

Then he mentioned that they, recently, have got around the issue of this third-party „tampering“, not by enforcing business controls and process, but by „wrapping“ the code during deployment.

I did not know how to reply.

Does anyone have any views on this approach? The only tangible information I can pull out from the docs is that wrapped code may not be version upgrade compatible, meaning possible upgrade issues. I know too little about „wrapping“ to know the drawbacks, specifically performance or stack traces and errors thrown.

All/any feedback, no matter how qualitative, would be helpful,

Mike
http://www.strychnine.co.uk
Woodward Informatics Ltd

You are aware that there is an un-wrapper? It is available in the form of a SQL*Developer plugin:

https://github.com/Trivadis/plsql-unwrapper-sqldev

Granted, SQL*Developer is a very expensive tool and there aren't that many guys who know how to clone a GitHub repo but still, I don't think that wrapping the code is a viable method of protecting your intellectual property. Wrapping the code will only protect it from idiots, contrary to the popular statement that there is no protection from idiots. What you do need is a data model and legal protection of the underlying data model, and refusing support to anyone who ever touches the supplied packages.

I've been having loads of fun with the un-wrapper as a consultant. You should see some of the developers' faces when I presented them with neatly formatted source code of the "protected" package.

-- 
Mladen Gogala
Database Consultant
Tel: (347) 321-1217
https://dbwhisperer.wordpress.com
-- http://www.freelists.org/webpage/oracle-l Received on Tue Jul 26 2022 - 17:31:28 CEST
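The "bit for bit" requirement raised in the quoted question can be checked directly instead of relying on wrapping. The sketch below is an added example, not code from either poster: it hashes each unit as returned from DBA_SOURCE (LINE, TEXT rows) and compares it with a hash the pipeline recorded at deployment, which works the same for plain and wrapped units. The function names, the normalisation rules and all sample data are assumptions constructed for illustration; the wrapped body is a placeholder, not real wrap output.

```python
import hashlib
import re

# Deploy scripts start with CREATE [OR REPLACE]; DBA_SOURCE.TEXT starts at the unit type.
_CREATE = re.compile(r"^\s*create\s+(or\s+replace\s+)?((non)?editionable\s+)?", re.I)

def normalize(text):
    """Assumed normalisation: line endings, trailing blanks, CREATE prefix, final '/'."""
    lines = [ln.rstrip() for ln in text.replace("\r\n", "\n").strip().split("\n")]
    while lines and lines[-1] in ("", "/"):
        lines.pop()
    if lines:
        lines[0] = _CREATE.sub("", lines[0], count=1)
    return "\n".join(lines)

def fingerprint(text):
    """SHA-256 over the normalised unit text."""
    return hashlib.sha256(normalize(text).encode("utf-8")).hexdigest()

def is_wrapped(text):
    """Wrapped units carry the keyword 'wrapped' at the end of their header line."""
    first = normalize(text).split("\n", 1)[0]
    return re.search(r"\bwrapped$", first, re.I) is not None

def audit(baseline, db_units):
    """baseline: name -> hash recorded at deploy; db_units: name -> [(LINE, TEXT), ...]."""
    report = {}
    for name, expected in baseline.items():
        # Reassemble the stored unit in LINE order; an absent unit yields empty text.
        text = "".join(t for _, t in sorted(db_units.get(name, [])))
        status = "MISSING" if not text else "MATCH" if fingerprint(text) == expected else "DRIFT"
        report[name] = (status, is_wrapped(text))
    return report

# Constructed sample data: two deploy artifacts and what the database returns for them.
RATES_SQL = "CREATE OR REPLACE FUNCTION rate RETURN NUMBER IS\nBEGIN\n  RETURN 0.05;\nEND;\n/\n"
FEES_PLB = "CREATE OR REPLACE PROCEDURE fees wrapped\nPLACEHOLDER-NOT-REAL-WRAP-OUTPUT\n/\n"
BASELINE = {"RATE": fingerprint(RATES_SQL), "FEES": fingerprint(FEES_PLB)}
DB_UNITS = {
    "RATE": [(1, "FUNCTION rate RETURN NUMBER IS\n"), (2, "BEGIN\n"),
             (3, "  RETURN 0.07;\n"), (4, "END;")],  # edited in place after deployment
    "FEES": [(1, "PROCEDURE fees wrapped\n"), (2, "PLACEHOLDER-NOT-REAL-WRAP-OUTPUT")],
}

if __name__ == "__main__":
    for unit, (status, wrapped) in audit(BASELINE, DB_UNITS).items():
        print(unit, status, "wrapped" if wrapped else "plain")
```

For a wrapped unit the baseline must be the hash of the wrapped artifact the pipeline actually deployed, since the stored text cannot be compared with the plaintext in source control.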