
Obfuscated stored procedures (was Re: Oracle and Postgresql)

From: Bill Moran <wmoran(at)collaborativefusion(dot)com>
To: Greg Smith <gsmith(at)gregsmith(dot)com>
Cc: Jonathan Bond-Caron <jbondc(at)openmv(dot)com>, "'Postgres General List'" <pgsql-general(at)postgresql(dot)org>
Subject: Obfuscated stored procedures (was Re: Oracle and Postgresql)
Date: 2008-09-16 00:29:22
Lists: pgsql-general, pgsql-www

Greg Smith <gsmith(at)gregsmith(dot)com> wrote:
> The problem here is that the PostgreSQL community is fully aware how bogus 
> any encryption method is and doesn't even bother, while Oracle is 
> perfectly happy selling a solution that is easily bypassed.  Don't get me 
> wrong--the work involved is just difficult enough that I'm sure most 
> PL/SQL procedures are quite safe from being reversed, and what you get 
> back again will be kind of crummy code, so that's good enough for your 
> typical ISV.  But the security doesn't stand up to simple scrutiny, and a 
> highly visible open-source project doing the same quality of 
> implementation would receive seriously bad press for releasing something 
> so shoddy.  PostgreSQL would be compelled to name it something like 
> "half-assed obfuscation" in order to make it clear just how limited the 
> protection actually is, and then you've kind of lost the sales pitch that 
> motivated the feature in the first place.

I don't understand why this is so bloody difficult to implement:
Extend SECURITY DEFINER to include allowing only the definer to read
the code.

What more than that needs to be done to have honest to goodness secure

Bill Moran
Collaborative Fusion Inc.

Phone: 412-422-3463x4023
