Database Reference
In-Depth Information
Even though this database link has been dropped, when opening the
.dbf
in a hexeditor we can see the evidence
of the deleted object in Figure
11-3
.
Figure 11-3.
Hex output from dbf file showing the “deleted” database link
Source Code as a Source of Metadata
In order to be scientifically sure of past events on an Oracle DB, it may be necessary to check the code that makes up
the procedures and classes within the DB. Java has built-in
javap -C
and JAD (
http://varaneckas.com/jad/
)
, but
PL/SQL does not have an Oracle-provided decompiler. There have been a number of third-party solutions, though
care needs to be taken so as to not infringe upon Oracle's intellectual property rights.
10g unwrappers are publicly available, such as the one at
https://code.google.com/p/plsqlunwrapper/
.
9i unwrapping is a bit more difficult, and to my knowledge there is no public unwrapper, though there are private
ones. Either way, it is more secure to use 9i wrapping, and the good news is that you can deploy 9i-wrapped code on
10g, 11g, and 12c as Oracle is backwardly compatible in this respect. I have tested the use of 9i wrapping on 12c and it
does work, which is good for folks upgrading who don't have an unwrapper. If you wish for your wrapped PL/SQL to
be protected against unwrappers, then Pete Finnigan has produced a PL/SQL wrapping tool available through his web
Checking the actual plaintext source code of packages is not the kind of task that one would need to do every day.
This could be automated via a checksummer that would go through the dictionary objects to make sure they have not
been tampered with.
