Obfuscating source code v17
EDB*Wrap is a command line utility that accepts a single input source file, obfuscates the contents, and returns a single output file. When you invoke the edbwrap
utility, you must provide the name of the file that contains the source code to obfuscate. You can also specify the name of the file where edbwrap
writes the obfuscated form of the code.
Overview of the command-line styles
edbwrap
offers three different command-line styles. The first style is compatible with Oracle's wrap
utility:
The iname=input_file
argument specifies the name of the input file. If input_file
doesn't contain an extension, edbwrap
searches for a file named input_file.sql
.
The optional oname=output_file
argument specifies the name of the output file. If output_file
doesn't contain an extension, edbwrap
appends .plb
to the name.
If you don't specify an output file name, edbwrap
writes to a file whose name is derived from the input file name. edbwrap
strips the suffix (typically .sql
) from the input file name and adds .plb
.
edbwrap
offers two other command-line styles:
You can mix command-line styles. The rules for deriving input and output file names are the same regardless of the style you use.
Once edbwrap
produces a file that contains obfuscated code, you typically feed that file into the PostgreSQL server using a client application such as edb-psql
. The server executes the obfuscated code line by line and stores the source code for SPL and PL/pgSQL programs in wrapped form.
In summary, to obfuscate code with EDB*Wrap, you:
- Create the source code file.
- Invoke EDB*Wrap to obfuscate the code.
- Import the file as if it were in plaintext form.
Creating the source code file
To use the EDB*Wrap utility, create the source code for the list_emp
procedure in plaintext form:
Import the list_emp
procedure with a client application such as edb-psql
:
View the plaintext source code stored in the server by examining the pg_proc
system table:
Invoking EDB*Wrap
Ofuscate the plaintext file with EDB*Wrap:
The second line of the wrapped file contains an encoding name. In this case, the encoding is UTF8. When you obfuscate a file, edbwrap
infers the encoding of the input file by examining the locale. For example, if you're running edbwrap
while your locale is set to en_US.utf8
, edbwrap
assumes that the input file is encoded in UTF8. Be sure to examine the output file after running edbwrap
. If the locale contained in the wrapped file doesn't match the encoding of the input file, change your locale and rewrap the input file.
Importing the obfuscated code to the PostgreSQL server
You can import the obfuscated code to the PostgreSQL server using the same tools that work with plaintext code:
The pg_proc system table contains the obfuscated code:
Invoke the obfuscated code in the same way that you invoke the plaintext form:
When you use pg_dump
to back up a database, wrapped programs remain obfuscated in the archive file.
Be aware that audit logs produced by the Postgres server show wrapped programs in plaintext form. Source code is also displayed in plaintext in SQL error messages generated when the program executes.
Note
The bodies of the objects created by the following statements aren't stored in obfuscated form: