PL/SQL Wrap Utility for Encryption
The wrap utility (wrap.exe) provides a way for PL/SQL developers to protect their intellectual property by making their PL/SQL code unreadable. It helps to protect the source code from business competitors and others who might misuse it. For Oracle 10g or later versions, wrap.exe is shipped with Oracle client instillation and available at the directory of $ ORALCE_HOME\bin.
Wrapped source files can be moved, backed up, and processed (executed) by SQL*Plus and the Import and Export utilities, but they are not visible through the static data dictionary views *_SOURCE.
Steps of Wrapping Packages/Procedures/Functions
- Develop the Packages/Procedures/Functions as usual. Test and save the source code in a file (for package, save the spec and body in separate files).
-
Run the warp utility to wrap the source code:
$ORACLE_HOME\bin\warp iname=sourceFile [oname=warppedFile]
- Distribute/delivery the wrapped file.
The wrapped file is is a text file, which you can run just as any script in SQL*Plus to set up your PL/SQL subprograms and packages. For example, run a wrapped file as follows:
SQL> @warppedFile
The following CREATE OR REPALCE statements are wrapped:
CREATE [OR REPLACE] FUNCTION function_name CREATE [OR REPLACE] PROCEDURE procedure_name CREATE [OR REPLACE] PACKAGE package_name CREATE [OR REPLACE] PACKAGE BODY package_name CREATE [OR REPLACE] TYPE type_name AS OBJECT
However, the CREATE[ORREPLACE]TRIGGER statement, and [DECLARE] BEGIN-END anonymous blocks, are not wrapped.
Guidelines for Wrapping
- Wrap only the body of a package or object type, not the specification.
- Wrap code only after you have finished editing it. Either wrap your code after it is ready to ship to users or include the wrapping operation as part of your build environment.
- To change wrapped PL/SQL code, edit the original source file and then wrap it again.
- Before distributing a wrapped file, view it in a text editor to be sure that all important parts are wrapped.
- Notes: Wrapped PL/SQL units are upward-compatible between Oracle Database releases, but are not downward-compatible. For example, you can load files processed by the V11.1.5
wraputility into a V11.1.6 Oracle Database, but you may not load files processed by the V11.1.6wraputility into a V11.1.5 Oracle Database.
Wrapping Oracle Views
As we see above, if we want to hide the source or logic of Oracle (for example, to prevent others to change the view logic. we can’t use the wrap utility on the view directly. As work-round solution, we can create an Oracle pipelined function to implement the view logic. Then use the wrap utility to encrypt the pipelined function. Finally create the view by selecting ALL from the pipelined function.
In case we need to encrypt multiple views, we can create a package containing multiple pipelined functions to implement the corresponding views’ logic. Then we just need to warp one package. Below is the pseudo-code:
For the Package spec file:
create or replace package views_wrap_pkg
type t_view1_cols is record
(col1 varchar2(30 char),
col2 integer );
type t_view1_tab is table of t_view1_cols;
function view1 return t_view1_tab pipelined;
end views_wrap_pkg;
For the Package body file:
create or replace package body views_wrap_pkg function view1 return t_view1_tab pipelined as cursor view1_cursor is select field1 as col1, field2 as col2 from tables .... begin for view1_row in view1_cursor loop pipe row (view1_row ); end loop; return; end view1; end views_wrap_pkg;
Warp the package body file (not warp the package spec file) and execute it.
Finally, Create the views from the encrypted package:
create or replace view test_view as select * from table(views_wrap_pkg.view1);
In this way, all the view logic is encrypted.
Luke Lushu Li's Blog 