Skip site navigation (1) Skip section navigation (2)

Re: Securing stored procedures and triggers

From: Douglas McNaught <doug(at)mcnaught(dot)org>
To: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>
Cc: fasupport(at)allcoast(dot)net, pgsql-general(at)postgresql(dot)org
Subject: Re: Securing stored procedures and triggers
Date: 2007-10-31 19:50:10
Message-ID: 873avrqd1p.fsf@suzuka.mcnaught.org (view raw or flat)
Thread:
Lists: pgsql-general
"Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com> writes:

> On 10/31/07, Douglas McNaught <doug(at)mcnaught(dot)org> wrote:
>
>> The only bulletproof way to do this currently is to write all your
>> stored functions in C and load them as a shared library.
>
> Well, as I pointed out in my post, even that's not bullet-proof.  As
> long as decompilers / debuggers etc... exist, then compiling is just a
> small barrier to a good hacker.  The only way to win is not to play,
> i.e. keep the code in house.

Very true, I should have said "semi-bulletproof".  :)

In addition, the "interesting" parts of a C function would be the SPI
queries, which unless further obfuscated would be easily extractable
from the library using strings(1).

-Doug

In response to

pgsql-general by date

Next:From: Ian GoldsmidDate: 2007-10-31 19:56:39
Subject: can someone please tell me how to unsubscribe from this group - thanks
Previous:From: Ron St-PierreDate: 2007-10-31 19:22:42
Subject: Re: getting list of tables from command line

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group