|PL/SQL User's Guide and Reference
Release 2 (9.2)
Part Number A96624-01
This appendix shows you how to run the Wrap Utility, a standalone programming utility that encrypts PL/SQL source code. You can use the Wrap Utility to deliver PL/SQL applications without exposing your source code.
This appendix discusses the following topics:
By hiding application internals, the Wrap Utility prevents
Wrapped code is as portable as source code. The PL/SQL compiler recognizes and loads wrapped compilation units automatically. Other advantages include
String literals, number literals, and names of variables, tables, and columns remain in plain text within the wrapped file. Wrapping a procedure helps to hide the algorithm and prevent reverse-engineering, but it is not a way to hide passwords or table names that you want to be secret.
Some recent SQL syntax is not supported by the wrap utility by default. To enable the support for all SQL syntax, specify the option
edebug=wrap_new_sql (with no dash). This option is not the default because it causes all SQL statements to appear in plain text in the wrapped file.
To run the Wrap Utility, enter the
wrap command at your operating system prompt using the following syntax:
Leave no space around the equal signs because spaces delimit individual arguments.
wrap command requires only one argument, which is
input_file is the name of the Wrap Utility input file. You need not specify the file extension because it defaults to
sql. For example, the following commands are equivalent:
However, you can specify a different file extension as the following example shows:
wrap command takes a second argument, which is
output_file is the name of the Wrap Utility output file. You need not specify the output file because its name defaults to that of the input file and its extension defaults to
plb (PL/SQL binary). For example, the following commands are equivalent:
However, you can use the option
oname to specify a different file name and extension, as the following example shows:
The input file can contain any combination of SQL statements. However, the Wrap Utility encrypts only the following
CREATE statements, which define subprograms, packages, or object types:
CREATE [OR REPLACE] FUNCTION function_name
CREATE [OR REPLACE] PROCEDURE procedure_name
CREATE [OR REPLACE]
All other SQL statements are passed intact to the output file. Comment lines are deleted unless they appear inside a subprogram, package, or object type.
When encrypted, a subprogram, package, or object type has the form
header begins with the reserved word
CREATE and ends with the name of the subprogram, package, or object type, and
body is an intermediate form of object code. The word
wrapped tells the PL/SQL compiler that the subprogram, package, or object type was encrypted by the Wrap Utility.
The header can contain comments. For example, the Wrap Utility converts
CREATE PACKAGE -- Author: J. Hollings -- Date: 10/15/99 banking AS minimum_balance CONSTANT REAL := 25.00; insufficient_funds EXCEPTION; END banking;
Generally, the output file is much larger than the input file.
If your input file contains syntax errors, the Wrap Utility detects and reports them. However, the Wrap Utility cannot detect semantic errors because it does not resolve external references. For example, it does not report the following error (table or view does not exist):
CREATE PROCEDURE raise_salary (emp_id INTEGER, amount NUMBER) AS BEGIN UPDATE amp -- should be emp SET sal = sal + amount WHERE empno = emp_id; END;
The PL/SQL compiler resolves external references. So, semantic errors are reported when the Wrap Utility output file (
.plb file) is compiled.
The Wrap Utility is upward-compatible with Oracle. So, for example, you can load files processed by the V8.1.5 Wrap Utility into a V8.1.6 Oracle database. However, the Wrap Utility is not downward-compatible with Oracle. So, for example, you cannot load files processed by the V8.1.6 Wrap Utility into a V8.1.5 Oracle database.
When wrapping a package or object type, wrap only the body, not the spec. That way, other developers see the information they need to use the package or type, but they do not see its implementation.
Like all encrypted files, wrapped files cannot be edited. To revise a wrapped file, you must revise and re-wrap the underlying source code. So, do not wrap a subprogram, package, or object type until it is ready for shipment to end-users.