0

I created Oracle Apex application 21.1.7. If I deploy my app to a user's cloud ATP database, how can I prevent the db admin from viewing the application's source code?

ie. Packages deployed, apex views (APEX_APPLICATION_PAGE_DA, APEX_APPLICATION_PAGE_PROC etc)

1L0pth
  • 58
  • 4

1 Answers1

2

You can't. Even if you use the DBMS_DDL.WRAP feature to obfuscate the code, it is easily reversed. At best, obfuscation makes it harder to see your code, but not impossible. Configuration items stored in APEX back-end tables will always be visible, too.

If this is a commercial product, make sure your license is very clear about acceptable use and/or reverse engineering. You can also check out products like PFCL Obfuscate (http://www.petefinnigan.com/weblog/archives/00001385.htm) which can give you the ability to automatically obfuscate your APEX app (still reversable!) and enforce license keys.

pmdba
  • 6,457
  • 2
  • 6
  • 16
  • Thank you pmdba, this I think is a deal breaker for us in terms of custom development using oracle apex; I hope moving to ADF or JET will be better in terms of source code protection. – 1L0pth Mar 02 '22 at 12:43
  • I'm not sure there's any such thing as perfect source protection. Even compiled applications can be de-compiled and reverse engineered by unscrupulous users. Most programming paradigms don't even have obfuscation. To the end, your user license / agreement is going to be your best/only defense: it is the only thing that will give you legal recourse when (not if) someone abuses your proprietary code. – pmdba Mar 02 '22 at 13:11