Database Reference
In-Depth Information
Then it's just a matter of calling the
DBMS_CRYPTO.ENCRYPT
function as in Listing 11-21. We pass our
clear text connection string list
clear_raw
, the
app_key
and the
iv
. We also tell the function to use 256-bit
Advanced Encryption Standard (AES256) with Block Chaining and PKCS padding.
Ta-da! We have an encrypted list of connection strings that we can trust for storage on disk and in
backup. Our
f_unmask
function that decrypts the data is almost identical to
f_mask
. We build the
app_key
and
iv
in the very same way, then pass the encrypted connection string list to the
DBMS_CRYPTO.DECRYPT
function, using the same encryption algorithm series. Voila, we have our clear text connection strings
back from cold storage.
Wrap Utility
Oracle Corporation has been in the business of protecting its intellectual property for decades. The
company has developed a process whereby it can publish business-sensitive PL/SQL code, much like
our Oracle procedures, functions, and packages, and distribute it to customers without exposing the
inner workings of the code. Oracle devised the wrap utility, which will obfuscate PL/SQL code so that it
can't be read. I should only say that wrapped procedures cannot be read without some effort, because
there are purported to be tools that will unwrap procedures.
We will use the wrap utility to obfuscate the
f_mask
and
f_unmask
functions. As a reminder, you
should first modify
f_mask
and
f_unmask
so that they are unique to your company, then wrap them. That
is to avoid the obvious loose lips of this topic from sinking your ship.
Save a copy of your
F_MASK.sql
and
F_UNMASK.sql
files in a secure location, then pass the files to
the wrap utility. The wrapped files will have a “.plb” extension, and are viewable in any text editor— they
are not binary code. The resulting Oracle 11g wrapped procedure will always resemble Listing 11-22.
%ORACLE_HOME%\BIN\wrap INAME=F_MASK.sql
%ORACLE_HOME%\BIN\wrap INAME=F_UNMASK.sql
Listing 11-22.
Wrapped Version of Mask Function
CREATE OR REPLACE FUNCTION appsec.f_mask wrapped
a000000
b2
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
8
3d9 237
GehnTGWDxAhWnsVg2jYOTJ2/sF4wg/BeTCCsfI5Vgp0GvFbmFJFF9PpfKGM8NUbmI21KsMmT
9YLZz1gSTsZkw/skypO3G2z+bhL/AGJObl6IY3bf/PjNwdlhZ5argmaJytVX0RDALqjMIRvj
