How to see the original text of the the function that has been wrapped by “DBMS_DDL.WRAP”

Question

As I'm new to Oracle PL-SQL,I'm trying to be familiar with DBMS_DDL package and I used it to hide my source code,below you can see the example I'm working on:

Declare
  v_string varchar2(32676);
begin
  
  v_string := 'create or replace function get_os_user 
                 return varchar2 ' || ' is  ' || ' begin ' ||
              ' return (sys_context(''userenv'',''os_user''));' || ' end; ';
  
  execute immediate sys.dbms_ddl.wrap(v_string);
end;

The function get_os_user is created in the function section and In the view mode , I see the non readable hex format of the original function.Now my question is how I can see the original format of the function? The way the book from which I read about the package just said this:

The original text can be viewed in DBA/ALL/USER_SOURCE

Where is DBA/ALL/USER_SOURCE? Are there other ways to see the original format of wrapped functions and procedures?

Answer 1

You can't get the original source back. DBA_SOURCE, ALL_SOURCE, and USER_SOURCE are data dictionary views. So you can do something like

select line, text
  from user_source
 where name = 'GET_OS_USER'
   and type = 'FUNCTION';

That will show you the wrapped text of the function. But the point of wrapping your source code is to prevent users that have access to the database from recovering your source code. It would defeat the purpose if you could just view the unwrapped source in the data dictionary.

If you are going to wrap the source of your procedures, you would need to have the unwrapped source outside of the database. Presumably in a source control system.

A couple of notes-

• Wrapping is a pretty uncommon thing to do. It really only makes sense if you're delivering an application that clients will install and administer themselves but you don't trust your clients not to steal your intellectual property. These days, most companies in this sort of position would just offer a software-as-a-service product rather than having customers administer their own installation.
• There are presentations and some programs that you can find on the internet that walk through how to unwrap source. So it's not strictly true that you can't get the original source back. Newer versions of Oracle implement wrapping in a more secure way than older versions but no version is unbreakable.
• If you do wrap your code, the actual SQL statements that it executes will be visible in the clear in various data dictionary tables like v$sql, in AWR reports, etc. If your clients are determined to reverse engineer what your application is doing, they likely can. Wrapping just increases the degree of difficulty.