The WRAP function transforms a readable
DDL statement into an obfuscated DDL statement.
Syntax
In an obfuscated DDL statement, the procedural logic and
embedded SQL statements are scrambled in such a way that any intellectual
property in the logic cannot be easily extracted. If the DDL statement
corresponds to an external routine definition, the portion following
the parameter list is encoded.
>>-DBMS_DDL.WRAP--(--object-definition-string--)---------------><
Parameters
- object-definition-string
- A string of type CLOB(2M) containing a DDL statement text which
can be one of the following (SQLSTATE 5UA0O):
- create procedure
- create function
- create package (PL/SQL)
- create package body (PL/SQL)
- create trigger
- create view
- alter module add function
- alter module publish function
- alter module add procedure
- alter module publish procedure
- The result is a string of type CLOB(2M) which contains an encoded
version of the input statement. The encoding consists of a prefix
of the original statement up to and including the routine signature
or the trigger, view or package name, followed by the keyword WRAPPED.
This keyword is followed by information about the application server
that executes the function. The information has the form pppvvrrm,
where:
- ppp identifies the product as DB2® Database
for Linux®, UNIX®, and Windows® using the letters SQL
- vv is a two-digit version identifier, such as '09'
- rr is a two-digit release identifier, such as '07'
- m is a one-character modification level identifier, such
as '0'.
- For example, Fixpack 2 of Version 9.7 is identified as 'SQL09072'.
This application server information is followed by a string of letters
(a-z, and A-Z), digits (0-9), underscores and colons. No syntax checking
is done on the input statement beyond the prefix that remains readable
after obfuscation.
- The encoded DDL statement is typically longer than the plain text
form of the statement. If the result exceeds the maximum length for
SQL statements an error is raised (SQLSTATE 54001).
Note: The encoding of the statement is meant to
obfuscate the content and should not be considered as a form of strong
encryption.
Authorization
EXECUTE privilege on the DBMS_DDL
module
Example
- Produce an obfuscated version of a function that computes a yearly
salary from an hourly wage given a 40 hour workweek
VALUES(DBMS_DDL.WRAP('CREATE FUNCTION ' ||
'salary(wage DECFLOAT) ' ||
'RETURNS DECFLOAT ' ||
'RETURN wage * 40 * 52'))
The result of the previous statement would be something of the form:
CREATE FUNCTION salary(wage DECFLOAT) WRAPPED SQL09072 obfuscated-text
- Produce an obfuscated form of a trigger setting a complex default
VALUES(DBMS_DDL.WRAP('CREATE OR REPLACE TRIGGER ' ||
'trg1 BEFORE INSERT ON emp ' ||
'REFERENCING NEW AS n ' ||
'FOR EACH ROW ' ||
'WHEN (n.bonus IS NULL) ' ||
'SET n.bonus = n.salary * .04'))
The result of the previous statement would be something of the form:
CREATE OR REPLACE TRIGGER trg1 WRAPPED SQL09072 obfuscated-text