Re: viewing source code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 20 Dec 2007 13:45:08 -0600
"Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> wrote:

> I think it is foolish to not make PostgreSQL as feature rich when it
> comes to security as the competition because you are idealistic when
> it comes to the concept of source code. PostgreSQL is better in many
> ways to MS SQL Server and equal to many features of Oracle but when
> it comes to security, it is closer to MS Access.

If this were true, we would be in a lot more trouble than what you are
presenting here. Let's think about what PostgreSQL supports....

GSSAPI
Kerberos
SSL
PAM
Role based security
Security definer functions
Data based views (ability to assign restrictions to particular
roles via views)
External security providers

...

Sounds like you have some reading to do before you make broad
assumptions about PostgreSQL security. Everything you want to do is
possible with Postgresql today. You may have write an executor function
to hide your code but you can do it. You may not be able to do it with
plpgsql but you certainly could with any of the other procedural
languages.

Sincerely,

Joshua D. Drake

- --
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHashRATb/zqfZUUQRAmlRAJoDWr44yld8Ow2qdcvoUdtMiOs5AgCfQ/e7
4OGIPE6ZAHPQPCQ/Mc/dusk=
=73a1
-----END PGP SIGNATURE-----