Build, protect and deploy apps across any platform and mobile device
Leverage a complete UI toolbox for web, mobile and desktop development
Automate UI, load and performance testing for web, desktop and mobile
Rapidly develop, manage and deploy business apps, delivered as SaaS in the cloud
Build mobile apps for iOS, Android and Windows Phone
Optimize data integration with high-performance connectivity
Connect to any cloud or on-premise data source using a standard interface
Build engaging multi-channel web and digital experiences with intuitive web content management
Automate decision processes with a no-code business rules engine
Reading this week's eWEEK coverage of the BlackHat conference, one topic Unwrapping Oracle PL/SQL, given by Pete Finnigan stood out for me. I'll quote directly from the session abstract:
PL/SQL is the flagship language used inside the Oracle database for many years and through many versions to allow customers to implement their business rules and logic. Oracle has recognized that it is necessary for customers to protect their intellectual property coded in PL/SQL and has provided the wrap program. The wrapping mechanism has been cracked some years ago and there are unwrapping tools in the black hat community. Oracle has beefed up the wrapping mechanism in Oracle 10g to in part counter this.
The past six months has seen significant activity in both the ADO.NET vNext space and also in JDBC 4.0, which are respectively evolving quickly and moving towards a final specification. In particular, ADO.NET vNext and LINQ for Entities has done much to recognize the level of investment that exists in today's databases, and putting significant effort into making easier for applications to evolve outside the confines of database schema.
This highlights a possible security consideration that future applications will need to take account - not only will the business rules and logic intellectual property exist on the database, but considering the well intentioned goals of the ADO.NET vNext entity layer, how should applications best protect their IP ? Now that it may co-exist both at the application level and the database, evolving out of step of the underlying database, this presents a new set of risks. The Java community has enjoyed a stable entity model for sometime, however to my knowledge this not a topic that has been discussed wildly in the Java community. Perhaps there are lessons we can look to there, however I would be interested to hear anyone's experiences in this area...
Update: Pete Finnigcan slides from Black Hat 2006 have just been posted here.
View all posts from Jonathan Bruce on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Copyright © 2017, Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.
Progress, Telerik, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks or appropriate markings.