Re: Oracle code wrapping

From: Niklas Iveslatt <niklas.iveslatt_at_arisant.com>
Date: Tue, 26 Jul 2022 11:03:56 -0600
Message-ID: <CAHLzPNewhrBWe5=BDORLLrdp5fgNh5HO4XPzviMng-OXF6217A_at_mail.gmail.com>



My cents on this discussion and I think much of it has been said already :)

If the code is wrapped it just makes it harder to work with and debug. It slows down production support tasks where you may need to be able to look at some PL/SQL to see what is going on. Unified Auditing in the newer version can also be used to help monitor what is going on with unauthorized changes. You can also look at LAST_DDL_TIME on DBA_OBJECTS to see when something was modified and then alert using your existing monitoring tool.

So probably process and training coupled with some auditing/monitoring may be a good and healthy middle ground given the technology involved rather than I don't trust and therefore obscure, which ultimately will slow down troubleshooting, which leads to more outages and other problems.

For whatever that is worth.

Niklas Iveslatt
Senior Partner

Arisant LLC ~ http://www.arisant.com
44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112
mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155

  Need to send me something securely? *Click here* <https://arisant.sendsafely.com/u/niklas.iveslatt>

On Tue, Jul 26, 2022 at 9:47 AM Lauren Vaughn <lauren.vaughn_at_gmail.com> wrote:

> It's a whole lot easier than that. Just copy/paste here:
> https://www.codecrete.net/UnwrapIt/
>
>
> On Tue, Jul 26, 2022 at 10:31 AM Mladen Gogala <gogala.mladen_at_gmail.com>
> wrote:
>
>> On 7/25/22 10:59, Michael D O'Shea/Woodward Informatics Ltd wrote:
>>
>> I just had a discussion with the development manager/tech lead of a large
>> organisation. He manages a team of around 15 developers and QA staff for a
>> single financial product. Client-side code is ASP.NET and a desktop thin
>> client, and server-side it is Oracle 19c with a web service in-between in a
>> few places.
>>
>> Deployments are done weekly after UAT signoff of the prior development
>> sprint the week before.
>>
>> This chap was expressing his concerns about PSM’s, specifically database
>> packages, procedures, and functions, being constantly tampered with by
>> DBA’s and sysops, and not marrying up with the authoritative version of the
>> codebase under source control. His argument was that the version of the
>> code deployed, using automation tools, should be bit for bit compatible
>> with the code retrieved from source control. It seems hard to argue with
>> this perspective.
>>
>> Then he mentioned that they, recently, have got around the issue of this
>> third-party „tampering“ rather than by enforcing business controls and
>> process, but by „wrapping“ the code during deployment.
>>
>> I did not know how to reply.
>>
>> Does anyone have any views on this approach? The only tangible
>> information I can pull out from the docs is that wrapped code may not be
>> version upgrade compatible, meaning possible upgrade issues. I know so
>> little about „wrapping“ to know the drawbacks, specifically performance or
>> stack traces and errors thrown.
>>
>> All/any feedback, no matter how qualitative, would be helpful,
>>
>> Mike
>> http://www.strychnine.co.uk
>> Woodward Informatics Ltd
>>
>> You are aware that there is an un-wrapper? It is available in the form of
>> SQL*Developer plugin:
>>
>> https://github.com/Trivadis/plsql-unwrapper-sqldev
>>
>> Granted, SQL*Developer is a very expensive tool and there aren't that
>> many guys who know how to clone a Github repo but still, I don't think that
>> wrapping the code is a viable method of protecting your intellectual
>> property. Wrapping the code will only protect it from idiots, contrary to
>> the popular statement that there is no protection from idiots. What you do
>> need is a data model and legal protection of the underlying data model and
>> refusing support to anyone who ever touches the supplied packages.
>>
>> I've been having loads of fun with the un-wrapper as a consultant. You
>> should see some of the developers' faces when I presented them with neatly
>> formatted source code of the "protected" package.
>>
>> --
>> Mladen Gogala
>> Database Consultant
>> Tel: (347) 321-1217
>> https://dbwhisperer.wordpress.com
>>
>> -- http://www.freelists.org/webpage/oracle-l
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jul 26 2022 - 19:03:56 CEST
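
The LAST_DDL_TIME check on DBA_OBJECTS suggested in the reply above, written out as a drift query a monitoring tool could poll. This is an added example, not part of the original thread; the deploy_baseline table, its columns and the APP_OWNER schema name are assumptions made for illustration.

```sql
-- Hypothetical baseline table, filled by the deployment pipeline after each release.
-- Table name, column names and the schema filter below are assumptions for this example.
CREATE TABLE deploy_baseline (
  owner        VARCHAR2(128) NOT NULL,
  object_name  VARCHAR2(128) NOT NULL,
  object_type  VARCHAR2(23)  NOT NULL,
  deployed_at  DATE          NOT NULL,
  CONSTRAINT deploy_baseline_pk PRIMARY KEY (owner, object_name, object_type)
);

-- Stored PL/SQL that changed after its recorded deployment,
-- or that exists in the schema but was never deployed by the pipeline.
SELECT o.owner,
       o.object_name,
       o.object_type,
       o.status,
       o.last_ddl_time,
       b.deployed_at,
       CASE
         WHEN b.deployed_at IS NULL THEN 'NOT IN BASELINE'
         ELSE 'CHANGED AFTER DEPLOY'
       END AS finding
FROM   dba_objects o
LEFT   JOIN deploy_baseline b
       ON  b.owner       = o.owner
       AND b.object_name = o.object_name
       AND b.object_type = o.object_type
WHERE  o.owner IN ('APP_OWNER')   -- placeholder application schema
AND    o.object_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE',
                         'FUNCTION', 'TRIGGER', 'TYPE', 'TYPE BODY')
AND    (b.deployed_at IS NULL
        -- small tolerance so the deployment run itself is not reported
        OR o.last_ddl_time > b.deployed_at + INTERVAL '5' MINUTE)
ORDER  BY o.last_ddl_time DESC;
```

LAST_DDL_TIME also moves on GRANT/REVOKE and on recompilation, so a returned row is a prompt to compare the object against source control rather than proof that its code changed.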
