Re: WIP: plpgsql source code obfuscation

From: "Pavel Stehule" <pavel(dot)stehule(at)gmail(dot)com>
To: "Andrew Dunstan" <andrew(at)dunslane(dot)net>
Cc: pgsql-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: WIP: plpgsql source code obfuscation
Date: 2008-01-28 15:45:15
Message-ID: 162867790801280745m76a18734q38e2c45588b6422a@mail.gmail.com
Lists: pgsql-patches
On 28/01/2008, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
>
> Pavel Stehule wrote:
> > Hello
> >
> > this patch defines a new function flag - OBFUSCATE. With this flag,
> > encrypted source code is stored in the probin column. The password is
> > stored in a GUC_SUPERUSER_ONLY item - it is similar security to what SQL
> > Server does (where privileged users can access system tables with source
> > code or can use a debugger)
> >
> > ToDo: Dump
> >
>
> Maybe a better TODO would be to do this task in the way that has
> previously been suggested:
> http://archives.postgresql.org/pgsql-hackers/2007-08/msg00258.php
>
> I'm certainly not happy about any proposal to put a password/key in a
> GUC var - that strikes me as a major footgun.
>

Why? We cannot ensure bigger real security. Anybody with superuser
rights can add modules that show the source code of a plpgsql procedure, or
can run a debugger and attach to the postgres process.

P.S. This topic was discussed in http://markmail.org/message/r6jy7m6oryi5owyb

Pavel

> cheers
>
> andrew
>
>
>
