
PROJECT AIM

To secure and enhance the business logic.

PROBLEM IN PL/SQL BUSINESS LOGIC


Though Oracle PL/SQL offers rich functionality, it lacks code-security features. A company is responsible for its IPR (Intellectual Property Rights) in its business logic, and business logic is not secured in the PL/SQL environment. Oracle provides the wrap utility to turn the actual source code into a non-readable form, but wrapping is reversible. Pete Finnigan, a specialist in researching and securing Oracle databases, demonstrates the step-by-step process of wrapping and unwrapping PL/SQL code (ref. 1), and some sites unwrap wrapped PL/SQL code online (ref. 2). So the business logic can be copied, modified and updated. Hence, Oracle security is not guaranteed, and the intellectual property (i.e. the business logic) of the company is not secure once the code is shipped. We therefore oppose putting the business logic in PL/SQL and provide two solutions here:

1) Use third-party tools to secure the PL/SQL code.
2) Move the business logic into a secured and enhanced environment.

SOLUTIONS

SOLUTION 1: USE THIRD PARTY TOOL

Pete Finnigan, who hacked the PL/SQL code, released a tool for securing PL/SQL code called PFCLObfuscate. No other tools are available now. It is a proprietary tool: a license has to be bought for each machine, and the cost is high.

SOLUTION 2: MOVE BUSINESS LOGIC INTO SECURED AND ENHANCED ENVIRONMENT

The statements above show that putting business logic in PL/SQL is not secure. Hence we have to choose another technology that provides security and is an enhancement over the existing technology. Java is an alternative technology, because it:

- is free and open source
- offers lots of choices in tools
- supports a layered application architecture
- is a widely accepted technology
- is more secure than PL/SQL

HOW IS JAVA BUSINESS LOGIC SECURE?

Java bytecode can also be reversed (decompiled) into source code. To secure the bytecode, Java has bytecode obfuscation tools. Most of these tools act as shrinker, optimizer and obfuscator. They obfuscate both code and string constants, and they can translate stack traces. Hence your business logic will be secure (ref. 3).

MOVE BUSINESS LOGIC INTO SAME ARCHITECTURE

Oracle supports Java and allows us to create Java Stored Procedures. Oracle separates the Java program from the SQL statements in a Java Stored Procedure, sending the Java program to Oracle's Aurora JVM and the SQL statements to the SQL engine. We may put the business logic into Java Stored Procedures. Our business logic will then be secured, but there is no enhancement, because the business logic still resides with the database server.
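
How a Java Stored Procedure is created and published, shown as an added example that is not part of the original proposal. The class, method and function names and the discount rule are hypothetical.

```sql
-- Added example. PricingRules, applyDiscount and apply_discount are hypothetical names.

-- 1. Load and compile the Java class inside the database (executed by Oracle's JVM).
--    In SQL*Plus the statement is terminated by "/" on its own line.
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "PricingRules" AS
import java.math.BigDecimal;
import java.math.RoundingMode;

public class PricingRules {
    // Constructed business rule: 5% off from 10 units, 10% off from 100 units.
    public static BigDecimal applyDiscount(BigDecimal amount, int quantity) {
        if (amount == null || amount.signum() < 0 || quantity < 0) {
            throw new IllegalArgumentException("amount and quantity must be non-negative");
        }
        BigDecimal rate = BigDecimal.ZERO;
        if (quantity >= 100) {
            rate = new BigDecimal("0.10");
        } else if (quantity >= 10) {
            rate = new BigDecimal("0.05");
        }
        return amount.subtract(amount.multiply(rate)).setScale(2, RoundingMode.HALF_UP);
    }
}
/

-- 2. Publish the static method to SQL and PL/SQL through a call specification.
--    NUMBER arguments are mapped to the Java types named in the signature.
CREATE OR REPLACE FUNCTION apply_discount (p_amount NUMBER, p_quantity NUMBER)
RETURN NUMBER
AS LANGUAGE JAVA
NAME 'PricingRules.applyDiscount(java.math.BigDecimal, int) return java.math.BigDecimal';
/

-- 3. Callers use it like any other stored function.
SELECT apply_discount(200, 120) AS discounted FROM dual;
```

CREATE JAVA SOURCE keeps the source text in the database, so for the confidentiality goal discussed here the class would instead be compiled and obfuscated outside the database and only the resulting class file loaded, for example with Oracle's loadjava utility.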

MOVE BUSINESS LOGIC INTO DIFFERENT ARCHITECTURE

Business logic in both PL/SQL Stored Procedures and Java Stored Procedures resides with the database server. Chad Z. Hower, a Microsoft MVP, explained clearly why and where business logic should be placed (ref. 4). If we increase the number of users and add functionality to the server, this adds overhead to the database server. A database server's hardware cost is relatively higher than an application server's hardware cost. If we keep the business logic separate, we extend the application server instead of the database server, whereas today all business logic depends heavily on the database environment. Hence we get good performance at low cost and avoid database dependence. According to his statement, it is better to separate the business tier from the database tier. Next, we have to select another technology that does the same job as the PL/SQL environment without affecting the previous performance.

EXISTING ARCHITECTURE

Side                       Layer                  Technology
Client Side                Presentation Layer     .NET/JAVA GUI
Application Server Side    Service Layer          WEB SERVICES
Database Server Side       Business Logic Layer   PL/SQL PACKAGES, ORACLE Database
Database Server Side       Data Access Layer      ORACLE DB
Database Server Side       Resource Layer         Complete Oracle Suite

In the existing architecture, the problematic part is the server side itself. We have to separate the business logic layer from the server side. The proposed architecture is given below.

PROPOSED ARCHITECTURE

Side                       Layer                  Technology
Client Side                Presentation Layer     .NET/JAVA GUI
Application Server Side    Service Layer          WEB SERVICES
Application Server Side    Business Layer         POJO/RMI/EJB
Application Server Side    Data Access Layer      JDBC + SQL
Database Server Side       Resource Layer         Any RDBMS

According to the new architecture, all layers will be separated. For each layer, we have enough tools and frameworks to support it.

REFERENCE

1) Wrapping and Unwrapping: http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Finnigan.pdf
2) Unwrap the code - Demo: http://www.codecrete.net/UnwrapIt/
3) Bytecode Obfuscation: https://www.owasp.org/index.php/Bytecode_obfuscation
4) Chad Z. Hower, Microsoft MVP: http://www.codeproject.com/Articles/10746/Dude-where-s-my-business-logic
