WRAP function - Obfuscate a DDL statement

The WRAP function transforms a readable DDL statement into an obfuscated DDL statement.

Syntax

In an obfuscated DDL statement, the procedural logic and embedded SQL statements are scrambled in such a way that any intellectual property in the logic cannot be easily extracted. If the DDL statement corresponds to an external routine definition, the portion following the parameter list is encoded.

Read syntax diagramSkip visual syntax diagramDBMS_DDL.WRAP(object-definition-string )

Parameters

object-definition-string
A string of type CLOB(2M) containing a DDL statement text which can be one of the following (SQLSTATE 5UA0O):
  • create procedure
  • create function
  • create package (PL/SQL)
  • create package body (PL/SQL)
  • create trigger
  • create view
  • alter module add function
  • alter module publish function
  • alter module add procedure
  • alter module publish procedure
The result is a string of type CLOB(2M) which contains an encoded version of the input statement. The encoding consists of a prefix of the original statement up to and including the routine signature or the trigger, view or package name, followed by the keyword WRAPPED. This keyword is followed by information about the application server that executes the function. The information has the form pppvvrrm, where:
  • ppp identifies the product as Db2® using the letters SQL
  • vv is a two-digit version identifier, such as '09'
  • rr is a two-digit release identifier, such as '07'
  • m is a one-character modification level identifier, such as '0'.
For example, Fixpack 2 of Version 9.7 is identified as 'SQL09072'. This application server information is followed by a string of letters (a-z, and A-Z), digits (0-9), underscores and colons. No syntax checking is done on the input statement beyond the prefix that remains readable after obfuscation.
The encoded DDL statement is typically longer than the plain text form of the statement. If the result exceeds the maximum length for SQL statements an error is raised (SQLSTATE 54001).
Note: The encoding of the statement is meant to obfuscate the content and should not be considered as a form of strong encryption.

Authorization

EXECUTE privilege on the DBMS_DDL module

Example

  • Produce an obfuscated version of a function that computes a yearly salary from an hourly wage given a 40 hour workweek
    VALUES(DBMS_DDL.WRAP('CREATE FUNCTION ' ||
                    'salary(wage DECFLOAT) ' ||
                    'RETURNS DECFLOAT ' ||
                    'RETURN wage * 40 * 52'))
The result of the previous statement would be something of the form:

CREATE FUNCTION salary(wage DECFLOAT) WRAPPED SQL09072 obfuscated-text
  • Produce an obfuscated form of a trigger setting a complex default
    VALUES(DBMS_DDL.WRAP('CREATE OR REPLACE TRIGGER ' ||
                      'trg1 BEFORE INSERT ON emp ' ||
                      'REFERENCING NEW AS n ' ||
                      'FOR EACH ROW ' ||
                      'WHEN (n.bonus IS NULL) ' ||
                      'SET n.bonus = n.salary * .04'))

The result of the previous statement would be something of the form:

CREATE OR REPLACE TRIGGER trg1 WRAPPED SQL09072 obfuscated-text