Oracle Security - Unwrapping PL/SQL code - a bug? Share your point of view
Hi all,
This is a very abnormal case of unwrapping PL/SQL wrapped code. Is this a bug in Oracle security, or...? And how is it possible to unwrap code that is wrapped by the #1 database system, which assured that "the wrapped code is not possible to be unwrapped"?
Please send us your review
- - - - - - - - - - - - - - - - - - - - -
Kamran Agayev a. (OCP 9i / 10g)
Author of the forthcoming book "Oracle Backup & Recovery: Expert secrets to use RMAN and Data Pump"
http://www.rampant-books.com/book_1002_rman_backup_recovery.htm
Hi guys,
Some interesting points in this thread. First, Oracle's wrap, both pre-10g and post-10g (the two methods are very different), is not encryption; it's simple obfuscation (your opinion on the definition of 'simple' may vary). Oracle does not state in its documentation that it is a secure solution; they say it's obfuscation. There are unwrappers out there for both types of wrap. A comment on the thread suggests that only the structure of the code can be recovered by using an unwrapper. That is not true, and the misconception is perhaps because some of the unwrappers out there were created for security researchers/consultants so that they could find bugs, and in those cases recovery of the real source code was not necessary.
Is it a bug that it is possible to unwrap? In theory, probably 'no', because Oracle never said code recovery was impossible. Can they make the wrap process harder? Probably. Is it worth it? Not sure; whatever is implemented would probably be broken. A better solution might be a customer-based solution, that is, Oracle provides the wrap mechanism and we as customers provide our own key? It is flawed though, as the database needs to decipher (un-hide) the code so it can be loaded. The pcode would always be available, and it should not take "too long" for someone to go straight from pcode back to PL/SQL.
see you soon
Pete
Similar Questions
-
Perspective Crop bug in CC?
As you can see, Photoshop shows weird behavior in the current version. Any ideas on that? Thank you!! Hannes
Have you tried Edit > Perspective Warp?
https://helpx.Adobe.com/Photoshop/using/perspective-warp.html
It usually works better and has more control than the old Perspective Crop.
With Perspective Crop, if you rotate the cube first before the Perspective Crop, then you will get better results.
-
Extensions: Convert T-SQL code
Hello
Do we not have an extension for SQL Developer that converts Oracle code into T-SQL code?
Thank you
Do we not have an extension for SQL Developer that converts Oracle code into T-SQL code?
There is such an extension. It is called a "consultant."
See you soon,
Brian
-
How to standardize code in Oracle 10g in SQL/PL-SQL
Can anybody help with how to manage code standardization in Oracle 10g in SQL/PL-SQL? Post your coding standards.
-
I am getting wrong SQL code when generating types in JDeveloper 11.1.1.3.0.
Process:
1. create a new application: Test
2. create a new project: Project1
3. create the database offline: ECIS
4. create a contact schema
5. create a type:
CREATE OR REPLACE TYPE HAS_REASON_OF_CETYPE AS OBJECT
(
has_reason_of varchar2 (36)
)
6. create a table type based on the previous type:
CREATE OR REPLACE TYPE HAS_REASON_OF_CETYPE_LIST
AS TABLE OF contact.has_reason_of_cetype;
7. generate SQL script. Results:
CREATE TYPE HAS_REASON_OF_CETYPE_LIST
AS_REASON_OF_CETYPE_LIST <- this is the wrong code
AS TABLE OF contact.has_reason_of_cetype;
/
CREATE TYPE HAS_REASON_OF_CETYPE
AS_REASON_OF_CETYPE AS OBJECT <- wrong here too
(
has_reason_of varchar2 (36)
)
/
I have not seen this error with type names in our project, or this error in the previous version. Has anyone seen this before and knows a way around it?
Published by: user13324293 on July 20, 2010 11:48
It's a regression in PS2 (11.1.1.3.0), when our DDL generation was rewritten. The problem, in a nutshell, is that while determining whether the generated DDL must prefix the name of the object with a different schema, some erroneous (simplistic) string manipulation is done. So if the name (or schema.name) in the source contains the token that follows it (i.e. AS or IS), it hits the problem. This problem is fixed in the 11.1.2.0.0 and 11.1.1.4.0 streams.
There are two possible solutions.
You can use IS instead of AS in the above case (as IS does not appear in the name), or simply change the case of AS so that it is not the same as in the name, that is to say use 'as', 'As' or 'aS'.
I hope this helps.
Pete - team JDeveloper DB
-
Security problem for the source code
Hello guys '
I have a question about the safety of coding. So, I know that anyone can create .jar .java or .class file.
And my question:
Is it possible to create the .cod file .java file? I think the best solution to save the source code uses secure obfuscator.
Do you use the Java obfuscator? What obfuscator is the best?
Please share your knowledge with me ' guy
TNX'
You may like to read the following article:
How to - Obfuscate code in a BlackBerry application
Article number: DB-00438
I know a BlackBerry development company that uses Proguard.
-
Dynamic Action Execute PL/SQL Code does not run after 4.2.5 upgrade
APEX 4.2.4 to 4.2.5 upgrade, database 11.2
I have an on-click button DA with Execute PL/SQL Code and update item actions, which worked in version 4.2.4 and which no longer runs after the 4.2.5 patch.
The PL/SQL procedure has been tested standalone and it runs correctly.
I tested that the DA is actually fired on the click event by adding an alert "DA xxxx fired" action before the Execute PL/SQL Code action, and the alert action works.
There is also a similar on-click DA which performs the opposite action to the problem DA, and it works; both are configured in the same way:
Static DA, run Code PL/SQL - check waiting for result, and not repress with the same Submit and return items.
Any ideas on a possible cause/solution much appreciated
Fixed it, the question was the Page elements of return of goods on the action of PL/SQL Code:
If the target element was empty the action failed, by adding a value in the database through a normal SQL insert then the insert DA completed successfully.
Removing Page elements at the point of return of the action of PL/SQL and together action update the target element after the DA fires in all scenarios.
But thanks for the lead
-
First of all, Hi everyone.
I need to encrypt my PL/SQL code at run time. I thought of using wrap.exe, but it won't be a good option, since maybe I need to change something in the code and I will not be able to send the wrapped code to the final customer. So, I'll use DBMS_DDL.WRAP, but I have a doubt: I understand that my object will be encrypted in the database, but how can I prevent software that captures SQL (like SQL STATEMENTS TRACE) from getting the source when creating the object?
Thank you very much.
Agree with SomeoneElse, having a legally correct license contract protects your code.
Wrapping the code is not a bad thing if that's what you are providing to the customer and you have adequate source code controls in place, so you do not lose the source yourself. Although there are "unwrappers" out there, it may depend on the version of Oracle as to how well they work, and if they can achieve it. There are also tools out there which can obfuscate the PL/SQL code by doing things such as converting all the variable names to meaningless things such as a0001, a0002, a0003,... and deleting all comments etc. before you wrap, so even if someone manages to unwrap it, they are presented with code that is more difficult to follow.
Regarding the customer being able to see running SQL, you won't really be able to do anything about that if the customer has DBA-type access to the database; the only thing you can do to avoid this is to provide a managed service where your company has total control of, and provides full support for, the server, database and applications, and the client does not have access to anything but the front end of the application. Of course, if the customer has access to the database and can see running SQL code, then that can actually be beneficial if they have problems, because they can do their own initial analysis to determine the cause and determine whether they should send the issue to you.
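The two DBMS_DDL calls this thread is about, as an added example that is not part of the original posts: DBMS_DDL.WRAP returns wrapped DDL text that can be stored or shipped and executed later, and DBMS_DDL.CREATE_WRAPPED wraps and creates the object in one call. The function names demo_rate_v1 and demo_rate_v2 are hypothetical, and the invoking schema is assumed to have the CREATE PROCEDURE privilege.

```sql
-- Added example, not code from the thread. demo_rate_v1 / demo_rate_v2 are
-- hypothetical names. Run from SQL*Plus or SQL Developer.
SET SERVEROUTPUT ON
DECLARE
  l_src_v1  VARCHAR2(32767) :=
       'CREATE OR REPLACE FUNCTION demo_rate_v1 (p_amount NUMBER) RETURN NUMBER IS '
    || 'BEGIN RETURN ROUND(p_amount * 0.175, 2); END demo_rate_v1;';
  l_src_v2  VARCHAR2(32767) :=
       'CREATE OR REPLACE FUNCTION demo_rate_v2 (p_amount NUMBER) RETURN NUMBER IS '
    || 'BEGIN RETURN ROUND(p_amount * 0.175, 2); END demo_rate_v2;';
  l_wrapped VARCHAR2(32767);
  l_result  NUMBER;

  -- Raises an error unless the data dictionary holds only the wrapped form.
  PROCEDURE assert_stored_wrapped (p_name IN VARCHAR2) IS
    l_head  user_source.text%TYPE;
    l_clear PLS_INTEGER;
  BEGIN
    SELECT text INTO l_head
      FROM user_source
     WHERE name = p_name AND type = 'FUNCTION' AND line = 1;

    -- The literal 0.175 only occurs in the clear-text body.
    SELECT COUNT(*) INTO l_clear
      FROM user_source
     WHERE name = p_name AND type = 'FUNCTION' AND text LIKE '%0.175%';

    IF INSTR(LOWER(l_head), ' wrapped') = 0 OR l_clear > 0 THEN
      RAISE_APPLICATION_ERROR(-20001, p_name || ' is stored in clear text');
    END IF;
    DBMS_OUTPUT.PUT_LINE(p_name || ': stored wrapped');
  END assert_stored_wrapped;
BEGIN
  -- Path 1: WRAP returns the obfuscated DDL as text. That text can be saved
  -- to an install script; the database that later runs it sees no clear text.
  l_wrapped := DBMS_DDL.WRAP(l_src_v1);
  IF INSTR(l_wrapped, '0.175') > 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'WRAP returned readable source');
  END IF;
  EXECUTE IMMEDIATE l_wrapped;
  assert_stored_wrapped('DEMO_RATE_V1');

  -- Path 2: CREATE_WRAPPED wraps and compiles in one call.
  DBMS_DDL.CREATE_WRAPPED(l_src_v2);
  assert_stored_wrapped('DEMO_RATE_V2');

  -- In both paths the clear text is the argument of a DBMS_DDL call, so it
  -- reaches whichever database executes that call. Wrapped code is
  -- obfuscated, not encrypted, and still runs normally:
  EXECUTE IMMEDIATE 'BEGIN :r := demo_rate_v1(200); END;' USING OUT l_result;
  DBMS_OUTPUT.PUT_LINE('demo_rate_v1(200) = ' || l_result);

  -- Clean up the demo objects.
  EXECUTE IMMEDIATE 'DROP FUNCTION demo_rate_v1';
  EXECUTE IMMEDIATE 'DROP FUNCTION demo_rate_v2';
END;
/
```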
-
frmcmp cannot compile the modules containing SQL code that connected to the database
Hello
I checked several hundred messages of the forum on the net without finding a solution.
I have a Linux server with 11.1 WebLogics (11 GR 1 material) and FormsRuntime installed.
I am logged in as root.
I put all the environment variables based on the values in default.env.
In addition, I updated TERM and ORACLE_TERM vt220. And TNS_ADMIN to the location of the sqlnet.ora and tnsnames.ora.
I compiled a simple .pll containing only the following code:
PROCEDURE test IS
a INTEGER := 0;
BEGIN
a := 1;
END;
command:
frmcmp_batch module = TESTLIBPLAIN.pll userid=myuser/mypassword@mydb module_type = LIBRARY output_file = TESTLIBPLAIN.plx compile_all = Yes = Yes = No. batch connection
result: successful compilation. generated .plx.
Now, I'm trying to compile another .pll containing just the following code:
PROCEDURE test IS
a INTEGER := 0;
BEGIN
SELECT 1 INTO a FROM dual;
END;
command:
frmcmp_batch module = TESTLIBSQL.pll userid=myuser/mypassword@mydb module_type = LIBRARY output_file = TESTLIBSQL.plx compile_all = Yes = Yes = No. batch connection
result: error:
"
11 forms (form of the compiler) Version 11.1.1.3.0 (Production)
Copyright (c) 1982, 2010, Oracle and/or its affiliates. All rights reserved.
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With partitioning, OLAP and Data Mining options
PL/SQL Version 11.1.0.7.0 (Production)
Oracle V11.1.1.3.0 - Production procedure generator
Oracle virtual graphics system Version 11.1.1.3.0 (Production)
Oracle Multimedia Version 11.1.1.3.0 (Production)
Oracle tools integration Version 11.1.1.2.0 (Production)
Common tools Oracle area Version 11.1.1.3.0
Oracle CORE Production 11.1.0.7.0
Compile the library TESTLIB.
Invalidate the body TEST procedure...
Compilation of body TEST procedure...
ERROR on line 5, column 1 0
Ignored SQL statement
Library TESTLIB closing...
Errors on TEST:
PL/SQL ERROR on line 5, column 1 0
Ignored SQL statement
Could not generate the library.
FRM-30312: unable to compile the library.
"
The two libraries differ only in whether they use SQL commands or not.
I tried to compile some more complex .pll and .fmb modules containing SQL code. I get similar error messages. The messages that I receive for each module are the same ones I would get when compiling the module with FormBuilder 9i (Windows) without being connected to the database.
So my first thought was, this frmcmp_batch is unable to connect to the database.
BUT:
From frmcmp_batch with an invalid user, password, or database name not existing (resp. not in tnsnames.ora), results in appropriate error messages (not found TNS, refusal to sign etc.).
With myuser/mypassword@mydb I don't get this kind of message.
sqlplus myuser/mypassword@mydb works.
myuser can access all objects in the database mydb.
mydb tnsping works.
When I check v$ session on mydb while (!) frmcmp_batch is running, I see that it is in fact a db session, created from myuser: DB-User = myuser, terminal = myappsever, osuser = root, remote process = frmcmp_batch. And State of the current session of the db is ACTIVE.
As a result, frmcmp_batch fails with error messages that I expect that when there is no connection to the base, if it is connected!
Any ideas what could be wrong with my setup?
Help appreciated.
Jean
I found the solution. It seems frmcmp 11g can connect to the 9i database, but does not compile against it. Using an 11g database resolves the problem :-)
-
want to understand the stages of executing pl/sql code
Hello all;
I want to know the logic of programming for the pl/sql code, what I have written;
because I was late yesterday to resolve the simple error.
> > It's link https://forums.Oracle.com/thread/2565867
OK now that I have written my code same lineup, but few changes:
now it's working. as I said above, I want to know the programming logic "flow of execution steps" of pl/sql code
1 DECLARE
2 a number := 10;
3 b number := 20;
4 c number;
5 procedure findmin (x IN number, y IN number, z OUT number) IS
6 BEGIN
7 <<BLOCK1>>
8 if x < y then
9 z := x;
10 else
11 z := y;
12 end if;
13 END;
14 BEGIN
15 <<BLOCK2>>
16 findmin(a, b, c);
17 DBMS_OUTPUT.PUT_LINE(c);
18* END;
19 /
10
PL/SQL procedure successfully completed.
>> Is this the process flow? >>
1. The declaration part.
2. While reading findmin on line no 5, control passes to line no 16.
3. After receiving the input values, control passes back to line 5.
4. Then the compiler executes the code accordingly.
Question: how will the Oracle compiler execute the written code?
8f953842-815B-4D8C-833d-f2a3dd51e602 wrote:
1. The declaration part.
2. While reading findmin on line no 5, control passes to line no 16.
3. After receiving the input values, control passes back to line 5.
4. Then the compiler executes the code accordingly.
Question: how will the Oracle compiler execute the written code?
1. Any declaration section is processed in order to declare and allocate the space/memory etc., including declaring the procedure in scope in memory (the procedure is not executed).
2. Execution of the code block begins with the first statement after BEGIN.
3. The procedure is called in memory with the parameters passed to it.
4. When the procedure completes, execution returns to the statement in the main execution block after the procedure call.
Note:
The compiler does not execute code; it just compiles it in memory or stores it in the database (depending on whether it is an anonymous block or a stored procedure / package etc.).
The code doesn't really jump 'line by line', because at the time it is run, it has been compiled down to pcode (or native code if that is enabled), which may contain several intermediate statements to run the underlying process. The compiled code does however keep track of source code line numbers internally for error reporting purposes.
-
Examples of pl/sql code that can be used in training for new developers
Hello
I'm working on a training ride on the pl/sql to some developers who are totally new to PL/SQL. Although they are experienced in another language. I have power point on pl/sql presentations, but they especially the theory oriented with just a few examples. I'm looking for more help to have a few example pl/sql that can be given to interns as the code for example and also to practice. It should be a bit detailed and like to print the odd numbers or print "hellp world." Can anyone help to suggest if there is an example of code that is a bit detailed with a kind of complex problem which will give students a hands good example? I see a nice example at this link: http://tucano.tucanowebdesign.com/oracle/tutorial5.html - on an inventory system. It gives the feeling of being one on the issue of real-world work. So that if anyone knows of some other example say about 150 t0 300 lines or so of the code, I'll be grateful if it is shared.
Thank you
OrauserN
That said, I feel again (my perception) that more code a person writing/comments the better he gets. So, I want students to examine several code examples. I guess I need to see some books to bring out some really long piece of PL/SQL - like case studies.
. . .
But these guys are too busy and so I try to find on the net / in books some really detailed examples.
But you seem to be overlooking what PL/SQL is supposed to be used for: PL means "procedural language".
So, PL/SQL should be used for 'procedural' processing; this typically means several process steps. For example, when you want to run three applications as a "TRANSACTION": if all three complete successfully you COMMIT, and if any of the three don't, you ROLLBACK.
You can do this by using SQL only. And a developer doesn't have to write the code until they have a technical requirements doc that explains what problem the code is supposed to solve and the constraints and requirements that the code must implement.
So, my suggestion is the following:
1. Identify and teach the types of problems that PL/SQL is used to help solve. The multi-step transactions I mentioned above are an example.
2. Use the documentation and the code of your own organization as samples. These 'guys' are perhaps too busy, but they should be able to provide you with all the documents for the code they wrote and that you use, which would be good to use as examples. If they have no technical requirements documents, then you have just identified a MAJOR gap in the operations of your org that you must bring to the attention of management.
3. You can provide a lot more added value if you use code from your own org as a basis for what you are doing. A very useful training exercise is to ask students to perform a 'code review' of some code (a procedure or function) and write simple one-line comments that explain, in plain English, what each piece of code does.
4. The comments students create in step #3 can actually be incorporated into your existing code, so that future developers can use these comments to understand what the code actually does.
5. Part of your 'education' should be on how to correctly 'test' a piece of PL/SQL code to make sure it is doing what it is supposed to do. Again, if your students actually use your own org's code to create tests, these tests can then be added to the 'test' suite for that application, and that adds value. A lot of times those 'busy' developers will not create actual test cases, and your students can help remedy that. In addition, it does no good to know how to write PL/SQL code if you don't know how to test it properly.
-
Morning all,
I need assistance with regard to the PL/SQL code.
Question: How many cases was activated from Direct treatment information/advice within 8 weeks?
Sample data:
MEMBER_ID  CASE_ID  SP_CODE  SP_NAME           SP_SUBTYPE_CODE  SP_SUBTYPE_NAME  REFERRAL_DATE  SERVICE_DATE
000000001  2013858  1001     Info & advice     1001             Information      -              25/09/2012
000000001  2013858  1005     Direct treatment  1022             Seamless         10/01/2012     10/01/2012
I need to count the number of CASE_IDs where SP_CODE = '1001' and then a SP_CODE = '1005' as the program installation, and where the difference between SERVICE_DATE for '1001' and REFERRAL_DATE for '1005' is within 8 weeks. I hope this makes sense?
Hello
One way is to use an EXISTS sub-query, like this:
SELECT COUNT (case_id) AS cnt -- or COUNT (DISTINCT case_id)
FROM table_x m
WHERE sp_code = 1005
AND EXISTS (
SELECT 1
FROM table_x
WHERE sp_code = 1001
AND case_id = m.case_id
AND service_date > = m.service_date - (8 * 7)
AND service_date< > >
)
;
I hope that answers your question.
If not, post a small example of data (CREATE TABLE and INSERT statements) and the results desired from these data. Point where the query above will not and explain how to get good results in these places.
See the FAQ forum: https://forums.oracle.com/message/9362002#9362002
Is the combination (case_id, sp_code) unique? What happens if a case_id has, say, multiple 1001s, all less than 8 weeks before the same 1005?
Does member_id (or one of the other columns not in the above query) play no role in this problem?
-
The call to the Workflow background process explicit in the pl/sql code
Hi all
We have a requirement where we need to call the "Workflow background process" explicitly in the pl/sql code.
Our wish is that we have an application that runs via a competing program, but before the end of this application we want to put that on the wait and run the 'Workflow background process"explicitly in the code itself (user must not go and run it manually).
Can someone please advice me how to do this in a PL/SQL code that is called via a concurrent program.
Kind regards
Shruti
Please post details of the operating system, database and EBS versions.
One solution is to use the FND_SUBMIT API
The most common FND API in APPS customizations [ID 221549.1]
Code example for call Customer Interface RACUST program using the Api FND_SUBMIT 11i and R12 [ID 429278.1]
https://forums.Oracle.com/forums/search.jspa?threadID=&q=FND_SUBMIT&objid=C3&DateRange=all&userid=&NumResults=15
HTH
Srini
-
PL/SQL formatter bug (line breaks)?
Hello
Developer SQL 3.0.04
I'm trying to format my PL/SQL code.
I have a problem of code written as a formatting string (between ") and containing line breaks.
Example (code by default without formatting):
begin -- build the query l_query := l_query || 'select distinct col1 as "A", col2 as "B.", col3||''.''||col4||''.''||col5 as "C", col6 as "D", col7 as "E", col8 as "F" from table1 inner join table2 on tbl1_id = tbl2_id1 left join table3 on tbl3_id = tbl2_id2 '||l_from||' where '''||in_report_to_compute||''' = ''PIL'' and col5 = ''P'' '||point_ui.get_where_for_point_query(in_source, in_report_to_compute); return l_query; end;
When I format:
begin -- build the query l_query := l_query || 'select distinct col1 as "A", col2 as "B.", col3||''.''||col4||''.''||col5 as "C", col6 as "D", col7 as "E", col8 as "F" from table1 inner join table2 on tbl1_id = tbl2_id1 left join table3 on tbl3_id = tbl2_id2 '||l_from||' where '''||in_report_to_compute||''' = ''PIL'' and col5 = ''P'' '||point_ui.get_where_for_point_query(in_source, in_report_to_compute) ; return l_query; end;
And when I format once again:
begin -- build the query l_query := l_query || 'select distinct col1 as "A", col2 as "B.", col3||''.''||col4||''.''||col5 as "C", col6 as "D", col7 as "E", col8 as "F" from table1 inner join table2 on tbl1_id = tbl2_id1 left join table3 on tbl3_id = tbl2_id2 '||l_from||' where '''||in_report_to_compute||''' = ''PIL'' and col5 = ''P'' '||point_ui.get_where_for_point_query(in_source, in_report_to_compute) ; return l_query; end;
It seems to double the line breaks + 1 each time:
jump to 1 line
3 line breaks
7 line breaks
15 line breaks
line breaks 31
etc.
I unchecked all the trainer configuration, with the exception of the CASE line crossings.
Commas with line number: 1
Width Max Line: 999
Threashold for SQL small: 999
How can I avoid this?
Thank you.
Yann.
Hi Yann39
Workaround: use Chr (10) instead of multiline strings.
See Re: Trainer code break my literal "Asunder"
Reproduced and logged
Bug 14114689 - TRAINER of CODE BREAKING MY LITERAL ASUNDER (to the AID of MULTI LINE LITTERAUX)
-Turloch
SQLDeveloper forum
-
If I can revise the SQL code generated by OBIEE
Hi all
I had a problemetic SQL generated automatically by OBIEE. I have to rewrite or at least add a tip to make it complete within a fixed period.
But I'm not sure if OBIEE offers us this feature to change or customize the SQLs it generates?
Please help to give some advice.
Thank you very much.
Leon
Hi Leon,
OBIEE increases the performance of the aliases table, cz as he can't do oneself joined himself.
Please visit this link this will solve your problem to improve performance
http://www.iwarelogic.com/blog/performance-increasing-OBIEE-724
(OR) http://www.rittmanmead.com/2008/11/thoughts-on-OBIEE-performance-optimization-Diagnostics/
UPDATE POST
@leon, you cannot change the SQL code generated by OBIEE. If your requirement is to use EXISTS instead of the IN operator, then you can do this in the physical layer of the RPD by accessing the properties of the table, selecting SQL problem and writing your query with the EXISTS condition on the relevant tables, so that in turn the BI server accepts it and converts it according to its methodology.
UPDATE POST-2
@leon, you can use rownum in your where clause, but check the query generated by OBIEE and that the results obtained by rownum satisfy your requirement.
Please follow the etiquette by awarding points to make it useful to others and even for us. Rules to be followed: http://forums.oracle.com/forums/ann.jspa?annID=939
Hope this answers your question. Mark points.
See you soon,
KK
Published by: Jocelyn on January 24, 2011 22:25
Published by: Jocelyne 24 January 2011 22:27
Published by: Jocelyn on January 25, 2011 02:13
Published by: Jocelyne 25 January 2011 05:26