Alternative to WRAP

ankush.world@yahoo.com asks:

Question

oracle provide wrap utility and DBMS_DDL.WRAP Function to encrypt pl/sql code. its not possible to unwrap again. but on following site its easily possible just paste the encrypted code and u got unwrap code on only one click http://www.codecrete.net/UnwrapIt/ please tell me if any one have any other option or method for encrypt ps/sql code.

Answer

I don't know any supported alternatives to the WRAP utility (or DBMS_DDL.WRAP).
Wrapping code prevents the casual observer, but as you've seen, people have worked out ways to unwrap code. This is always going to be possible because the database has to be able to understand the contents of the code, so it must be able to unwrap it internally. Oracle have changed the wrapping algorithm several times. Each time it has been cracked. This situation is that same as decompiling Java or C code. I think you just have to live with it.
Assuming you are controlling the servers, you can prevent access to the wrapped source. If they don't have the wrapped code, they can't unwrap it. :)
Cheers Tim...

Alternate to Wrap

ankush, just something for you to think about as I offer the opinion that code should not be wrapped to begin with. If your code is doing something truly innovative then it should be protected by patents and copyright law rather than being obscured. Customers/developers need to be able to debug code and that is a little tough when the code is wrapped.
--
IMHO Mark D Powell

Wrap Alternatives

Hi,

I have developed a solution as part of client assignments to protect intellectual property in their PL/SQL code which included multiple layers of security. We added manuall tamper proofing to detect if the code has been modified or changed and also to prevent it if stolen from being run in a different database. we then used my tool PFCLObfuscate that obfuscates the PL/SQL to remove meaning, compact and remove comments, obscure strings etc. Then we wrapped the code with 9iR2 wrap which is harder to unwrap and there are no websites that can be used to unwrap (currently). 9iR2 wrapped code can be easily loaded into all supported databases. Then we applied my wrapprotect program which makes the wrapped file not be unwrapped by all known unwrappers. This adds many layers of security to your PL/SQL. Some details can be found here http://www.pfclobfuscate.com/2012/04/welcome-to-pfclobfuscate/

cheers

Pete Finnigan

Wrapping is security by obscurity

Ankush.world,
what's your intention for using WRAP, anyway?

- If you want to make your application more secure by obfuscating your code, that's broken security by design IMHO. I don't know if Bruce Schneier has an opinion on Oracle's code wrapper, but he surely has one on "security through obscurity". See Wikipedia.

- I assume you don't want to keep your customers from modifying your code to make them dependent on you, do you? That would be such a despicable thing to do.

Cheers, Uwe

Wrapping

how you decided this is not "a despicable thing to do"???

Its the safest way that we can publish our product to our customer is by wrapping the source code, when they want to modify or change then they need to have a permission to do so.

How can we allow such access to naked code and keep a change process in order?

Just make some effort before you write here!