EDB*Wrap v14
The EDB*Wrap utility protects proprietary source code and programs like functions, stored procedures, triggers, and packages from unauthorized scrutiny. The EDB*Wrap program translates a plaintext file that contains SPL or PL/pgSQL source code into a file that contains the same code in a form that's nearly impossible to read. Once you have the obfuscated form of the code, you can send that code to the PostgreSQL server, and the server stores those programs in obfuscated form. While EDB*Wrap does obscure code, table definitions are still exposed.
Everything you wrap is stored in obfuscated form. If you wrap an entire package, the package body source, as well as the prototypes contained in the package header and the functions and procedures contained in the package body, are stored in obfuscated form.
If you wrap a CREATE PACKAGE
statement, you hide the package API from other developers. You might want to wrap the package body but not the package header so users can see the package prototypes and other public variables that are defined in the package body. To allow users to see the prototypes the package contains, use EDBWrap to obfuscate only the CREATE PACKAGE BODY
statement in the edbwrap
input file, omitting the CREATE PACKAGE
statement. The package header source is stored as plaintext, while the package body source and package functions and procedures are obfuscated.
You can't unwrap or debug wrapped source code and programs. Reverse engineering is possible but very difficult.
The entire source file is wrapped into one unit. Any psql
meta-commands included in the wrapped file aren't recognized when the file is executed. Executing an obfuscated file that contains a psql meta-command causes a syntax error. edbwrap
doesn't validate SQL source code. If the plaintext form contains a syntax error, edbwrap
doesn't report it. Instead, the server reports an error and aborts the entire file when you try to execute the obfuscated form.
Using EDB*Wrap to obfuscate source code
EDB*Wrap is a command line utility that accepts a single input source file, obfuscates the contents, and returns a single output file. When you invoke the edbwrap
utility, you must provide the name of the file that contains the source code to obfuscate. You can also specify the name of the file where edbwrap
writes the obfuscated form of the code.
edbwrap
offers three different command-line styles. The first style is compatible with Oracle's wrap
utility: