Re: Securing stored procedures and triggers

From: Sam Mason <sam(at)samason(dot)me(dot)uk>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Securing stored procedures and triggers
Date: 2007-11-01 01:23:18
Message-ID: 20071101012318.GC1955@frubble.xen.chris-lamb.co.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Wed, Oct 31, 2007 at 05:18:58PM -0400, mgould wrote:
> Thanks all. In the open source community there seems to be more
> talent to "hack" than in other environments.

I think we're just much more honest about what the technology is
really capable of. None of us is likely to actually bother breaking
into anything, it's just that once you understand the fundamental
building blocks of computers it's reasonably easy to determine specific
properties. People involved in FOSS projects generally have a much
better understanding of this that in other environments.

> Once I told ASA to set
> the "hidden" attribute, I've not had any problems with this, at least
> that I've heard of.

Which, almost by definition in security, you're not going to hear about.

> I was hoping that I'd be able to keep others out
> of the database totally but I can't host these applications for all of
> my customers.

In absolute terms you can't protect code. The whole point of computers
and information is that it's very difficult to lock down. Witness the
trouble that the big media companies are having with trying to "protect"
the contents of their DVD/CD's.

Sam

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Christian Schröder 2007-11-01 01:46:31 Re: (Never?) Kill Postmaster?
Previous Message Tom Lane 2007-10-31 23:59:57 Re: (Never?) Kill Postmaster?