| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | David Fetter <david(at)fetter(dot)org>, Merlin Moncure <merlin(dot)moncure(at)rcsonline(dot)com> |
| Subject: | Re: Hide source code |
| Date: | 2005-07-11 16:27:19 |
| Message-ID: | 200507110927.19571.josh@agliodbs.com |
| Lists: | pgsql-hackers |

David,

> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact. "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.

Hmmm, I agree with Merlin, I think. It would be nice if users who didn't have
permission to EXECUTE functions couldn't view their code, either. This would
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical;
we support too many interpreted languages. If this is a concern, use C
functions and compile binaries. That's secure.

--
Josh Berkus
Aglio Database Solutions
San Francisco