Hard to grasp though, since my understanding was a bit different. I cant really think of a reason why would they keep strings etc in plain text. Perhaps to force people (like me) not to store their encryption key in a package and wrap it to achieve another level of security...
Here's the standard statement from Oracle about the limitations of wrap utility -
From : http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96624/c_wrap.htm#LNPLS016Limitations of the Wrap Utility
String literals, number literals, and names of variables, tables, and columns remain in plain text within the wrapped file. Wrapping a procedure helps to hide the algorithm and prevent reverse-engineering, but it is not a way to hide passwords or table names that you want to be secret.
I wonder if there are any tricks to achieve something like that... my investigations are still on.. will report...
No comments:
Post a Comment