• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

securing database objects

hi to all
we have oracle user on the server , i'm not the owner of it , just cleint ,
in purpose to improove the work , i created some objects to that user such as : tables , views , functions and procedures
then i designed some forms & reports , uploading them fmx & rep files to the server to be under using for all users
but as my bad luck , our officers asked me to send  the source code of the forms & reports
to our IT team , where i worried why they need them even i didn't asked them for any fees ?  , but i refuse to give it to them
now i have 2 questions :
1- is there any way they could convert the fmx & rep to its fmb & rdf ?
2- how i could secure or encrypt those objects which i created such : tables , views , functions and procedures , so they could not view the codes of the functions & procedurs ?
0
NiceMan331
Asked:
NiceMan331
  • 8
  • 7
  • 2
  • +1
3 Solutions
 
Wasim Akram ShaikCommented:
-->1- is there any way they could convert the fmx & rep to its fmb & rdf ?

There is no way or steps to convert an executable file to its raw format.
So you need not worry about this part..they can't view your code(fmb, rdf)..

-->2- how i could secure or encrypt those objects which i created such : tables , views , functions and procedures , so they could not view the codes of the functions & procedurs
 
Coming to database objects they can view your tables or views, for functions and procedures.

you can wrap them if you want and compile the wrapped code in database..
A compiled database function or procedure can serve the purpose but the code cannot be read by others, how to convert it in wrapped form can be read from here

http://docs.oracle.com/cd/B10501_01/appdev.920/a96624/c_wrap.htm
for a better illustration check tim hall site
http://www.oracle-base.com/articles/10g/wrap-and-dbms_ddl-10gr2.php
0
 
slightwv (䄆 Netminder) Commented:
>>where i worried why they need them even i didn't asked them for any fees

Many shops have policies that require code review for anything running on their systems to make sure it does what it is supposed to do and doesn't have anything in it that is potentially dangerous.

Would you take code you downloaded from this site or anywhere off the Internet and just run it on your system without knowing what is in it?

>>you can wrap them if you want and compile the wrapped code in database..

Oracle's WRAP process has been cracked.  It is now possible to unwrap code if you feel like taking the time.
0
 
DavidSenior Oracle Database AdministratorCommented:
I find "... our officers asked ..."  and "... didn't ask for any fees ..." puzzling.

Are you an employee, working under the authority of your "officers"?  And do you have some written contractual agreement that your intellectual property (source code) belongs to you?  There seems to be an adversarial relationship.....

Do you have a current resume??
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
NiceMan331Author Commented:
DVz , good question , actually we have one application but it not feet all our requirement , one accountant asked officer to purchase additional program for his work which the current application doesn't manage it , they order our IT to design that program but they didn't do , they refuse , then I offer my self to design it under acknowledge of the officer , after 2 months of work with the forms which I designed , the accountant write a report that he test it and it is well , asking them to pay me something , but they disregard his paper , then he told me if you like to destroy the unit no problem with me because they refuse to bounos you , I answered him no problem for me , continue and feel free to work with it , that was the full story
0
 
NiceMan331Author Commented:
So , I accept to have no payment for my work , but is it fare that they asked me to give them the sources free also ?
0
 
slightwv (䄆 Netminder) Commented:
Disclaimer:  Only a Lawyer can provide an expert opinion on this but...

Did you work on this project at all on company time?  If so, it belongs to the company or at least part of it does.

If you worked on it after hours on your own personal time and used NO company resources (Who pays your Experts-Exchange subscription?  Did you use the company Oracle licenses?) then it is yours.

Sounds like you have two options:  Give up the source code or refuse and suffer the consequences.
0
 
NiceMan331Author Commented:
Slightw , I'm not asking any fees from my company , but I feel I have the right to keep the source for me ,  as the application which we purchased it , they didn't provide us their source code
0
 
slightwv (䄆 Netminder) Commented:
>>they didn't provide us their source code

All depends on the product and license agreements.  Off the shelf products rarely provide raw source code (Windows, Oracle, etc...).  The Terms of Use almost always prohibits the reverse engineering of compiled code.

If you contracted to have software written for you, source code delivery is part of the contract.  If the raw code is part of the contract, the cost of the contract is typically a lot more.

>>but I feel I have the right to keep the source for me

I understand what you 'feel'.  My last post was about what is likely the legal issues.  What is 'legal' doesn't always feel 'right'.

If you used ANY company time or resources to assist in the development, the work product belongs to the company.  You'll likely lose 100% of the time in court unless you can afford better lawyers than your company (I know I can't).

I have a related real-world experience:
As an employee of a company I developed an application for corporate use.  There was a group of contractors in another division of the company that claimed they 'needed' my source code for 'QA purposes'.

I was doing things that they didn't know how to do.  I knew they only wanted to educate themselves based on my work and leverage their own contract based on what my code taught them.

Well, long story short:  Executive management sided with them.  I could either turn over my code or 'flip them the bird' and quit.

I feel those are also your only two options.
0
 
Wasim Akram ShaikCommented:
Its really bad on your part that your work is not rewarded.

I would rather suggest you to give up a half-baked product(like give fmx for fmb etc.,), rather than giving it completely, this way you could break the resistance between either parties and also they would come up after you for suggestions/clarifications on how to do.

Remember, there is no such thing that only one individual can do, anything and everything can be replaced during the course of time.

If you have kept it for yourself then you cannot be the 'Nice Man' at your workplace. Sometimes it better to give up and don't expect anything.
0
 
NiceMan331Author Commented:
Sometimes it better to give up and don't expect anything.
that was exactly what i started , i didn't expect anything , even when that man submit the request to pay me , he didn't inform me in advance , he just told me after , and i accept it by telling : feel free to use it , and i really feel happy that some person benefit from my work
but  , when you receive bad things against good things ( bad behavior /  bad design / bad deal ) , at this time you lost your control for your self , and here you wish that you didn't do it
0
 
slightwv (䄆 Netminder) Commented:
>>and here you wish that you didn't do it

Why does giving up your code make you wish you didn't do it?

Since you are more than a little upset about giving up the code it tells me that you didn't just do it for fun and to benefit the company.

I'm thinking you did it to prove a point to the company.  Are you sure you didn't do it just to prove how good you were and how 'stupid' they were for thinking of buying an expensive product.

If I try to put it into words:  "See how dumb you all are?  I did it in two months for free!  So, suck it!  I'm taking my ball and going home..."


Back to the code.
Take this site for example:  ALL the Experts here are volunteers.  All we get in return for answering questions is points and the satisfaction of helping others.

In answering questions, we provide A LOT of raw code.

What would happen if I answered your next question by uploading an executable and telling you that it will do what you want, just run it, trust me.

Would you?
0
 
NiceMan331Author Commented:
What would happen if I answered your next question by uploading an executable and telling you that it will do what you want, just run it, trust me.

Would you?

i got what you mean , but here it is different , i pay the subscription from my pocket to add more acknolwedge for me ,
if just executable , it will not helping me , because i'm looking to learn
there , they are looking to use only , not to learn
but i got punished because i didn't submit the code
compare
0
 
slightwv (䄆 Netminder) Commented:
Sorry but I really don't see it as different.  I suppose I'm looking at it from a different perspective.

>>they are looking to use only , not to learn

As I mentioned before, most shops require a code review of non-commercial products.  Them blindly running your code is not really any different than you blindly running something I upload here.

>>but i got punished because i didn't submit the code

And now you are likely seen as someone that cannot be trusted or seen as a trouble maker.  Your status in the company has been harmed.

For what?
0
 
NiceMan331Author Commented:
Slightw , look , I'm not here to take a lesson from you in subject of politeness , I'm paying money to this site to get solution , so you should solve my issue  , give me now the code of  your executable which you described in your prior post ,
0
 
slightwv (䄆 Netminder) Commented:
Now take what you just said, change sides and apply it to your company's position.

Isn't that exactly what your company said to you?
0
 
NiceMan331Author Commented:
Exactly ,                                                           Slightw , I apologize about the impolite language I spoke to you , I'm really so sorry for that , I just want to show you the type of their language just to see what your reflect will be , again I'm so sorry , plz accept my apologize
0
 
slightwv (䄆 Netminder) Commented:
No need to apologize.  I sort of understood what you were attempting to do.  Just didn't get the whole concept.  ;)

I understand your frustration in not wanting to give up the code.  I just feel that not giving it up is a winning position for you.
0
 
NiceMan331Author Commented:
Thanx slogtw , I learned a lot from you , this site not learning programming only , but also goodness and politeness , thanx to all , I feel something good better that yesterday , may be tomorrow will all harmless will disappear
0
 
DavidSenior Oracle Database AdministratorCommented:
An aside: there is a world-side STEM program, FIRST LEGO League; one of the character values they promote is for "Gracious Professionalism".  Pretty good stuff.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 7
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now