Re: viewing source code

From: "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com>
To: 'Trevor Talbot' <quension(at)gmail(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Kris Jurka <books(at)ejurka(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, pgsql-performance(at)postgresql(dot)org
Subject: Re: viewing source code
Date: 2007-12-19 15:52:31
Message-ID: 1A6E6D554222284AB25ABE3229A92762112A33@nrtexcus702.int.asurion.com
Lists: pgsql-performance
> -----Original Message-----
> From: Trevor Talbot [mailto:quension(at)gmail(dot)com]
> Sent: Wednesday, December 19, 2007 9:45 AM
> To: Joshua D. Drake
> Cc: Roberts, Jon; Kris Jurka; Merlin Moncure; Jonah H. Harris; Bill Moran;
> pgsql-performance(at)postgresql(dot)org
> Subject: Re: [PERFORM] viewing source code
> 
> On 12/18/07, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
> 
> > On Tue, 18 Dec 2007 10:05:46 -0600
> > "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> wrote:
> 
> > > If we are talking about enhancement requests, I would propose we
> > > create a role that can be granted/revoked that enables a user to see
> > > dictionary objects like source code.  Secondly, users should be able
> > > to see their own code they write but not others unless they have been
> > > granted this dictionary role.
> 
> > You are likely not going to get any support on an obfuscation front.
> > This is an Open Source project :P
> 
> Wait, what? This is a DBMS, with some existing security controls
> regarding the data users are able to access, and the proposal is about
> increasing the granularity of that control. Arbitrary function bodies
> are just as much data as anything else in the system.
> 
> Obfuscation would be something like encrypting the function bodies so
> that even the owner or administrator cannot view or modify the code
> without significant reverse engineering. I mean, some people do want
> that sort of thing, but this proposal isn't even close.

Trevor, thank you for making the proposal clearer.

The more I thought about a counter proposal to put views on pg_proc, I
realized that isn't feasible either.  It would break functionality of
pgAdmin because users couldn't view their source code with the tool.

> 
> Where on earth did "obfuscation" come from?

Don't know.  :)


This really is a needed feature to make PostgreSQL more attractive to
businesses.  A more robust security model that better follows commercial
products is needed for adoption.


Jon

