Re: Oracle code wrapping

From: Lauren Vaughn <lauren.vaughn_at_gmail.com>
Date: Tue, 26 Jul 2022 10:47:35 -0500
Message-ID: <CAM0ig+=ey8MZRyofWuG3bt+udkMG97kj45jQCBw6+maRbnN-Aw_at_mail.gmail.com>

It's a whole lot easier than that. Just copy/paste here: https://www.codecrete.net/UnwrapIt/

On Tue, Jul 26, 2022 at 10:31 AM Mladen Gogala <gogala.mladen_at_gmail.com> wrote:

> On 7/25/22 10:59, Michael D O'Shea/Woodward Informatics Ltd wrote:
>
> I just had a discussion with the development manager/tech lead of a large
> organisation. He manages a team of around 15 developers and QA staff for a
> single financial product. Client-side code is ASP.NET and a desktop thin
> client, and server-side it is Oracle 19c with a web service in-between in a
> few places.
>
> Deployments are done weekly after UAT signoff of the prior development
> sprint the week before.
>
> This chap was expressing his concerns about PSM’s, specifically database
> packages, procedures, and functions, being constantly tampered with by
> DBA’s and sysops, and not marrying up with the authorative version of the
> codebase under source control. His argument was that the version of the
> code deployed, using automation tools, should be bit for bit compatible
> with the code retrieved from source control. It seems hard to argue with
> this perspective.
>
> Then he mentioned that they, recently, have got around the issue of this
> third-party „tampering“ rather than by enforcing business controls and
> process, but by „wrapping" the code during deployment.
>
> I did not know how to reply.
>
> Does anyone have any views on this approach? The only tangible information
> I can pull out from the docs is that wrapped code may not be version
> upgrade compatible, meaning possible upgrade issues. I know so little about
> „wrapping“ to know the drawbacks, specifically performance or stack traces
> and errors thrown.
>
> All/any feedback, no matter how qualitative, would be helpful,
>
> Mike
> http://www.strychnine.co.uk
> Woodward Informatics Ltd
>
> You are aware that there is un-wrapper? It is available in the form of
> SQL*Developer plugin:
>
> https://github.com/Trivadis/plsql-unwrapper-sqldev
>
> Granted, SQL*Developer is a very expensive tool and there aren't that many
> guys who know how to clone a Github repo but still, I don't think that
> wrapping the code is a viable method of protecting your intellectual
> property. Wrapping the code will only protect it from idiots, contrary to
> the popular statement that there is no protection from idiots. What you do
> need is a data model and legal protection of the underlying data model.and
> refusing support to anyone who ever touches the supplied packages.
>
> I've been having loads of fun with the un-wrapper as a consultant. You
> should see some of the developers faces when I presented them with neatly
> formatted source code of the "protected" package.
>
> --
> Mladen Gogala
> Database Consultant
> Tel: (347) 321-1217https://dbwhisperer.wordpress.com
>
> -- http://www.freelists.org/webpage/oracle-l

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jul 26 2022 - 17:47:35 CEST

This message: [ Message body ]
Next message: Niklas Iveslatt: "Re: Oracle code wrapping"
Previous message: Mladen Gogala: "Re: Oracle code wrapping"
In reply to: Mladen Gogala: "Re: Oracle code wrapping"
In reply to Dominic Brooks: "Re: Oracle code wrapping"
Next in thread: Niklas Iveslatt: "Re: Oracle code wrapping"
Reply: Niklas Iveslatt: "Re: Oracle code wrapping"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message