Obfuscating source code of SQL procedures, SQL functions, and triggers
You can protect the intellectual property of source code for certain types of SQL procedures, SQL functions, and triggers by obfuscating the data definition statements that create them. The obfuscation renders the source code bodies of the SQL functions, SQL procedures, and triggers unreadable, except when decoded by a database server that supports obfuscated statements.
About this task
When you obfuscate data definition statements, the result is the prefix of the statement, including the name and parameter list, the WRAPPED keyword, the eight-byte product identifier string, and the obfuscated body that defines the routine or trigger. The obfuscated text is scrambled so that it cannot be read, except when executed by database servers that support obfuscated statements.
The following limitations apply to the obfuscation of SQL functions, SQL procedures, and triggers:
- Obfuscation is supported for only the following data definition statements:
- CREATE FUNCTION (compiled SQL scalar)
- CREATE FUNCTION (inlined SQL scalar)
- CREATE FUNCTION (SQL table)
- CREATE PROCEDURE (SQL - native)
- CREATE TRIGGER (basic)
- CREATE TRIGGER (advanced)
- FL 507 If the CREATE PROCEDURE statement contains the OR REPLACE or SPECIFIC clauses, the application compatibility level of the package for the built-in SYSIBMADM.CREATE_WRAPPED procedure must be V12R1M507 (or higher).
- You cannot alter obfuscated routines or triggers. However anyone with sufficient authority can drop them and create replacements.
- Obfuscated data definition statements are not supported in static SQL statements embedded in host programming languages.
- The obfuscation algorithm is not strong encryption, and is not meant for use in security contexts.
- Only the body of the SQL text after the name of created object of the obfuscated data definition statement is encoded.
- Although SQL statements in the body of obfuscated data definition statement are not readable in the SYSROUTINES or SYSTRIGGERS catalog tables, individual SQL statements are readable in the SYSPACKSTMT catalog table. Only program logic is thoroughly obfuscated.
- Obfuscated statements cannot be used in sample programs that automatically convert non-delimited SQL statement text to uppercase. Examples include DSNTEP2, DSNTEP4 and SPUFI.
Procedure
To obfuscate program logic in the body of a routine or trigger in a data definition statement, use any the following approaches: