Skip site navigation (1) Skip section navigation (2)

WIP: plpgsql source code obfuscation

From: "Pavel Stehule" <pavel(dot)stehule(at)gmail(dot)com>
To: pgsql-patches <pgsql-patches(at)postgresql(dot)org>
Subject: WIP: plpgsql source code obfuscation
Date: 2008-01-28 12:51:31
Message-ID: 162867790801280451y5ca29f00i1a55e8673ba80e5@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-patches
Hello

this patch define new function flag - OBFUSCATE. With this flag
encrypted source code is stored to probin column. Password is stored
in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server
does (where privileged users can access system tables with source code
or can use debugger).

ToDo: Dump

Sample:

postgres=# show obfuscator_password;
  obfuscator_password
-----------------------
 moje supertajne heslo
(1 row)

postgres=# \x
Expanded display is on.
postgres=# create or replace function fx() returns int as $$begin
return -1; end; $$ language plpgsql;
CREATE FUNCTION
postgres=# \df+ fx
List of functions
-[ RECORD 1 ]-------+-----------------------
Schema              | public
Name                | fx
Result data type    | integer
Argument data types |
Volatility          | volatile
Owner               | bob
Language            | plpgsql
Source code         | begin return -1; end;
Description         |

postgres=# ALTER FUNCTION fx() obfuscate;
NOTICE:  begin return -1; end;
ALTER FUNCTION
postgres=# \df+ fx
List of functions
-[ RECORD 1 ]-------+---------
Schema              | public
Name                | fx
Result data type    | integer
Argument data types |
Volatility          | volatile
Owner               | bob
Language            | plpgsql
Source code         | -
Description         |

postgres=# select fx();
-[ RECORD 1 ]
fx | -1

postgres=# create or replace function fx() returns int as $$begin
return -1; end; $$ language plpgsql obfuscate;
CREATE FUNCTION
postgres=# select fx();
-[ RECORD 1 ]
fx | -1

postgres=# \df+ fx
List of functions
-[ RECORD 1 ]-------+---------
Schema              | public
Name                | fx
Result data type    | integer
Argument data types |
Volatility          | volatile
Owner               | bob
Language            | plpgsql
Source code         | -
Description         |

postgres=# select * from pg_proc where proname = 'fx';
-[ RECORD 1 ]--+----------------------------------------------------------------------------
proname        | fx
pronamespace   | 2200
proowner       | 16385
prolang        | 16421
procost        | 100
prorows        | 0
proisagg       | f
prosecdef      | f
proisstrict    | f
proretset      | f
provolatile    | v
pronargs       | 0
prorettype     | 23
proargtypes    |
proallargtypes |
proargmodes    |
proargnames    |
prosrc         | -
probin         |
\231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
proconfig      |
proacl         |


[pavel(at)okbob-bb ~]$ psql -U bob postgres
Welcome to psql 8.3RC2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=> \x
Expanded display is on.
postgres=> show obfuscator_password;
ERROR:  must be superuser to examine "obfuscator_password"
postgres=> select fx();
-[ RECORD 1 ]
fx | -1

postgres=> \df+ fx
List of functions
-[ RECORD 1 ]-------+---------
Schema              | public
Name                | fx
Result data type    | integer
Argument data types |
Volatility          | volatile
Owner               | bob
Language            | plpgsql
Source code         | -
Description         |

postgres=> select * from pg_proc where proname = 'fx';
-[ RECORD 1 ]--+----------------------------------------------------------------------------
proname        | fx
pronamespace   | 2200
proowner       | 16385
prolang        | 16421
procost        | 100
prorows        | 0
proisagg       | f
prosecdef      | f
proisstrict    | f
proretset      | f
provolatile    | v
pronargs       | 0
prorettype     | 23
proargtypes    |
proallargtypes |
proargmodes    |
proargnames    |
prosrc         | -
probin         |
\231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
proconfig      |
proacl         |

Attachment: obfuscate.diff
Description: text/x-patch (15.7 KB)

Responses

pgsql-patches by date

Next:From: Gokulakannan SomasundaramDate: 2008-01-28 13:21:57
Subject: Re: [HACKERS] Including Snapshot Info with Indexes
Previous:From: Zeugswetter Andreas ADI SDDate: 2008-01-28 11:25:45
Subject: Re: [PATCHES] Proposed patch: synchronized_scanning GUC variable

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group