Solved

securing database objects

Posted on 2014-04-30
Last Modified: 2014-05-03
Hi to all,
We have an Oracle user on the server; I'm not the owner of it, just a client.
In order to improve the work, I created some objects for that user, such as tables, views, functions and procedures.
Then I designed some forms & reports, uploading their fmx & rep files to the server to be used by all users.
But as my bad luck, our officers asked me to send the source code of the forms & reports
to our IT team. I worried about why they need them even though I didn't ask them for any fees, but I refuse to give it to them.
Now I have 2 questions:
1- Is there any way they could convert the fmx & rep to its fmb & rdf?
2- How could I secure or encrypt those objects which I created, such as tables, views, functions and procedures, so they could not view the code of the functions & procedures?
Question by:NiceMan331
19 Comments
 
LVL 16

Assisted Solution

by:Wasim Akram Shaik
Wasim Akram Shaik earned 150 total points
ID: 40031776
>>1- is there any way they could convert the fmx & rep to its fmb & rdf ?

There is no way or steps to convert an executable file to its raw format.
So you need not worry about this part. They can't view your code (fmb, rdf).

>>2- how i could secure or encrypt those objects which i created such : tables , views , functions and procedures , so they could not view the codes of the functions & procedurs

Coming to database objects, they can view your tables or views. For functions and procedures, you can wrap them if you want and compile the wrapped code in the database.
A compiled database function or procedure can serve the purpose, but the code cannot be read by others. How to convert it to wrapped form can be read here:

http://docs.oracle.com/cd/B10501_01/appdev.920/a96624/c_wrap.htm

For a better illustration, check Tim Hall's site:
http://www.oracle-base.com/articles/10g/wrap-and-dbms_ddl-10gr2.php
0
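The wrapping step described in the answer above, as an added example that is not part of the original thread: it uses the DBMS_DDL package (Oracle 10gR2 and later) to compile a function in wrapped form and then checks which stored units in the schema are still clear text. The function `calc_bonus`, its body and the file names in the comment are hypothetical; a later reply in this thread states that WRAP output can be unwrapped, so the result is obfuscation rather than encryption.

```sql
-- Added example; object names and the function body are hypothetical.
-- Command-line equivalent for a script file:
--   wrap iname=calc_bonus.sql oname=calc_bonus.plb
SET SERVEROUTPUT ON

DECLARE
  l_src VARCHAR2(32767) :=
    'CREATE OR REPLACE FUNCTION calc_bonus (p_salary IN NUMBER) RETURN NUMBER IS ' ||
    'BEGIN RETURN ROUND(p_salary * 0.05, 2); END calc_bonus;';
BEGIN
  -- Preview the obfuscated text without compiling anything.
  DBMS_OUTPUT.PUT_LINE(SUBSTR(SYS.DBMS_DDL.WRAP(ddl => l_src), 1, 120));

  -- Wrap and compile in one step; the clear text is not stored in the
  -- data dictionary, so keep the original source under version control.
  SYS.DBMS_DDL.CREATE_WRAPPED(ddl => l_src);
END;
/

-- What a reader of the source views sees for the wrapped unit.
SELECT line, text
FROM   user_source
WHERE  name = 'CALC_BONUS'
AND    type = 'FUNCTION'
ORDER  BY line;

-- Inventory check: which stored PL/SQL units in this schema are still
-- clear text? Heuristic: the header line of a wrapped unit carries the
-- keyword "wrapped" after the unit name.
-- Wrapping applies to PL/SQL units only; tables and views are controlled
-- through grants, not through wrapping.
SELECT name,
       type,
       CASE
         WHEN INSTR(LOWER(text), ' wrapped') > 0 THEN 'WRAPPED'
         ELSE 'CLEAR TEXT'
       END AS source_state
FROM   user_source
WHERE  line = 1
AND    type IN ('FUNCTION', 'PROCEDURE', 'PACKAGE BODY', 'TYPE BODY')
ORDER  BY type, name;
```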
 
LVL 76

Accepted Solution

by:
slightwv (Netminder) earned 300 total points
ID: 40031852
>>where i worried why they need them even i didn't asked them for any fees

Many shops have policies that require code review for anything running on their systems to make sure it does what it is supposed to do and doesn't have anything in it that is potentially dangerous.

Would you take code you downloaded from this site or anywhere off the Internet and just run it on your system without knowing what is in it?

>>you can wrap them if you want and compile the wrapped code in database..

Oracle's WRAP process has been cracked.  It is now possible to unwrap code if you feel like taking the time.
0
 
LVL 23

Assisted Solution

by:David
David earned 50 total points
ID: 40032124
I find "... our officers asked ..."  and "... didn't ask for any fees ..." puzzling.

Are you an employee, working under the authority of your "officers"?  And do you have some written contractual agreement that your intellectual property (source code) belongs to you?  There seems to be an adversarial relationship.....

Do you have a current resume??
0
 

Author Comment

by:NiceMan331
ID: 40033306
DVz, good question. Actually, we have one application, but it does not fit all our requirements. One accountant asked the officer to purchase an additional program for his work which the current application doesn't manage. They ordered our IT to design that program, but they didn't do it; they refused. Then I offered myself to design it, with the acknowledgement of the officer. After 2 months of work with the forms which I designed, the accountant wrote a report that he tested it and it is well, asking them to pay me something, but they disregarded his paper. Then he told me, "If you like to destroy the unit, no problem with me, because they refuse to give you a bonus." I answered him, "No problem for me, continue and feel free to work with it." That was the full story.
0
 

Author Comment

by:NiceMan331
ID: 40033321
So, I accept to have no payment for my work, but is it fair that they asked me to give them the sources for free also?
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40033328
Disclaimer:  Only a Lawyer can provide an expert opinion on this but...

Did you work on this project at all on company time?  If so, it belongs to the company or at least part of it does.

If you worked on it after hours on your own personal time and used NO company resources (Who pays your Experts-Exchange subscription?  Did you use the company Oracle licenses?) then it is yours.

Sounds like you have two options:  Give up the source code or refuse and suffer the consequences.
0
 

Author Comment

by:NiceMan331
ID: 40033408
Slightw, I'm not asking for any fees from my company, but I feel I have the right to keep the source for me, as with the application which we purchased: they didn't provide us their source code.
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40033432
>>they didn't provide us their source code

All depends on the product and license agreements.  Off the shelf products rarely provide raw source code (Windows, Oracle, etc...).  The Terms of Use almost always prohibit the reverse engineering of compiled code.

If you contracted to have software written for you, source code delivery is part of the contract.  If the raw code is part of the contract, the cost of the contract is typically a lot more.

>>but I feel I have the right to keep the source for me

I understand what you 'feel'.  My last post was about what is likely the legal issues.  What is 'legal' doesn't always feel 'right'.

If you used ANY company time or resources to assist in the development, the work product belongs to the company.  You'll likely lose 100% of the time in court unless you can afford better lawyers than your company (I know I can't).

I have a related real-world experience:
As an employee of a company I developed an application for corporate use.  There was a group of contractors in another division of the company that claimed they 'needed' my source code for 'QA purposes'.

I was doing things that they didn't know how to do.  I knew they only wanted to educate themselves based on my work and leverage their own contract based on what my code taught them.

Well, long story short:  Executive management sided with them.  I could either turn over my code or 'flip them the bird' and quit.

I feel those are also your only two options.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40033796
It's really bad on your part that your work is not rewarded.

I would rather suggest you give up a half-baked product (like giving fmx for fmb, etc.) rather than giving it completely. This way you could break the resistance between either parties, and they would also come after you for suggestions/clarifications on how to do things.

Remember, there is no such thing that only one individual can do; anything and everything can be replaced during the course of time.

If you have kept it for yourself then you cannot be the 'Nice Man' at your workplace. Sometimes it's better to give up and don't expect anything.
0
 

Author Comment

by:NiceMan331
ID: 40034202
>>Sometimes it's better to give up and don't expect anything.

That was exactly how I started. I didn't expect anything; even when that man submitted the request to pay me, he didn't inform me in advance, he just told me after, and I accepted it by telling him: feel free to use it. And I really feel happy that some person benefits from my work.
But when you receive bad things against good things (bad behavior / bad design / bad deal), at this time you lose control of yourself, and here you wish that you didn't do it.
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40034375
>>and here you wish that you didn't do it

Why does giving up your code make you wish you didn't do it?

Since you are more than a little upset about giving up the code it tells me that you didn't just do it for fun and to benefit the company.

I'm thinking you did it to prove a point to the company.  Are you sure you didn't do it just to prove how good you were and how 'stupid' they were for thinking of buying an expensive product?

If I try to put it into words:  "See how dumb you all are?  I did it in two months for free!  So, suck it!  I'm taking my ball and going home..."


Back to the code.
Take this site for example:  ALL the Experts here are volunteers.  All we get in return for answering questions is points and the satisfaction of helping others.

In answering questions, we provide A LOT of raw code.

What would happen if I answered your next question by uploading an executable and telling you that it will do what you want, just run it, trust me.

Would you?
0
 

Author Comment

by:NiceMan331
ID: 40034442
>>What would happen if I answered your next question by uploading an executable and telling you that it will do what you want, just run it, trust me.
>>
>>Would you?

I got what you mean, but here it is different. I pay the subscription from my pocket to add more knowledge for me;
if it is just an executable, it will not help me, because I'm looking to learn.
There, they are looking to use only, not to learn,
but I got punished because I didn't submit the code.
Compare.
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40034467
Sorry but I really don't see it as different.  I suppose I'm looking at it from a different perspective.

>>they are looking to use only , not to learn

As I mentioned before, most shops require a code review of non-commercial products.  Them blindly running your code is not really any different than you blindly running something I upload here.

>>but i got punished because i didn't submit the code

And now you are likely seen as someone that cannot be trusted or seen as a trouble maker.  Your status in the company has been harmed.

For what?
0
 

Author Comment

by:NiceMan331
ID: 40034591
Slightw, look, I'm not here to take a lesson from you on the subject of politeness. I'm paying money to this site to get a solution, so you should solve my issue. Give me now the code of your executable which you described in your prior post.
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40034612
Now take what you just said, change sides and apply it to your company's position.

Isn't that exactly what your company said to you?
0
 

Author Comment

by:NiceMan331
ID: 40034957
Exactly. Slightw, I apologize for the impolite language I spoke to you. I'm really so sorry for that. I just wanted to show you the type of their language, just to see what your reflect will be. Again, I'm so sorry, please accept my apology.
0
 
LVL 76

Expert Comment

by:slightwv (Netminder)
ID: 40034982
No need to apologize.  I sort of understood what you were attempting to do.  Just didn't get the whole concept.  ;)

I understand your frustration in not wanting to give up the code.  I just feel that not giving it up is a winning position for you.
0
 

Author Comment

by:NiceMan331
ID: 40035031
Thanks Slightw, I learned a lot from you. This site is not for learning programming only, but also goodness and politeness. Thanks to all. I feel something good, better than yesterday; maybe tomorrow all the harm will disappear.
0
 
LVL 23

Expert Comment

by:David
ID: 40035051
An aside: there is a world-wide STEM program, FIRST LEGO League; one of the character values they promote is "Gracious Professionalism".  Pretty good stuff.
0
