Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Custom and GOTS application source code stored in the database should be protected with encryption or encoding.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3823 | DG0091-ORACLE11 | SV-28568r1_rule | DCSL-1 | Low |
| Description |
|---|
| Source code may include information on data relationships, locations of sensitive data that are otherwise obscured, or other processing information that could aid a malicious user. Encoding or encryption of the custom source code objects within the database helps protect against this type of disclosure. |
| STIG | Date |
|---|---|
| Oracle 11 Database Instance STIG | 2014-01-14 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-25838r1_fix) |
|---|
| Use the Oracle WRAP utility to encode application source code stored in application database objects (stored procedures, functions, package bodies). The following may be used as an example process: 1) export the application object source and store in an external file. From SQL*Plus: set show off set heading off set verify off set echo off set term off set pagesize 0 set feedback off set serveroutput on size 1000000 set wrap on set trimspool on set linesize 512 spool [output file name = proc.sql] select text from dba_source where object_name='[object name]'; spool off 2) From system command line, invoke the wrap utility. wrap iname=proc.sql oname=proc.plb This will result in the file name proc.plb 3) re-create the object with the encoded source code. From SQL*Plus: @proc.plb |