![]() Perhaps a better solution would be a client based solution, i.e. Can they make the wrap process stronger? - probably, is it worth the effort? not sure, whatever is implemented would probably be cracked. Is it a bug that there is a possibility to unwrap? in theory probably "no" because Oracle never said code recovery was impossible. This is not true, and perhaps the misconception is because some of the unwrappers out there were created for security consultants/researchers so that they could find bugs and in these cases true source code recovery was not necessary. One comment on the thread suggested that only the structure of the code is possible to get using an unwrapper. There are unwrappers out there for both types of wrap. Oracle do not state in their documentation that its a secure solution, they say its obfuscation. Firstly Oracle's wrap process either pre-10g and post 10g (both methods are quite different) is not encryption, its simple obfuscation (your view on the definition of "simple" will vary). 1.7K Training / Learning / Certification.165.3K Java EE (Java Enterprise Edition).7.9K Oracle Database Express Edition (XE).3.8K Java and JavaScript in the Database.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |