| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | "Charles N(dot) Charotti" <ccharotti(at)yahoo(dot)com> |
| Subject: | Re: Obfuscated definitions of database objects |
| Date: | 2007-08-24 16:14:24 |
| Message-ID: | 200708240914.24605.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Charles,
> I want to know if there is any plan in future versions
> of PG to obfuscate the source code of some objects of
> the database, specially the functions of the backend ?
>
> I mean the text definition of each function or perhaps
> even triggers of the database.
Not seriously, no. Security by obscurity is not terribly effective, so adding
a method to conceal function defintions has never been a high priority for
the project, especially as it would introduce multiple complications in other
code. The only thing we've seriously discussed is the possiblity of not
displaying function definitions to roles which don't have any permissions on
the function. But I don't know anyone who's actually writing code for that.
Thing is, if you have a highly knowledgable hostile user who has a valid psql
login then you have problems well beyond them seeing your function
definitions.
But if you really think this is the strategy for your application, I suggest
that you write your functions in C and compile them, which will give you some
degree of obfuscation. Or give SEPostgres a try if you really want to lock
down your DB application.
--
Josh Berkus
PostgreSQL @ Sun
San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2007-08-24 16:17:54 | Re: Obfuscated definitions of database objects |
| Previous Message | Kevin Grittner | 2007-08-24 15:59:35 | Re: Final background writer cleanup for 8.3 |