| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
| Cc: | glynastill(at)yahoo(dot)co(dot)uk, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, David Fetter <david(at)fetter(dot)org>, Greg Smith <gsmith(at)gregsmith(dot)com>, Jonathan Bond-Caron <jbondc(at)openmv(dot)com>, Postgres General List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Obfuscated stored procedures (was Re: Oracle and Postgresql) |
| Date: | 2008-09-23 19:52:29 |
| Message-ID: | 200809231952.m8NJqTP05977@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-www |
Added to TODO under features not wanted:
Incomplete itemObfuscated function source code (not wanted)
Obfuscating function source code has minimal protective benefits
because anyone with super-user access can find a way to view the code.
To prevent non-super-users from viewing function source code, remove
SELECT permission on pg_proc.
---------------------------------------------------------------------------
Merlin Moncure wrote:
> On Tue, Sep 16, 2008 at 9:15 AM, Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> wrote:
> >
> > As much as I'm impressed with the "we do it properly or not at all" attitude, it'd be nice if there was an option to stop the casual user from viewing code.
> >
> > I'll admit to obfusicating bits and pieces using C, even though the function and everything it acts on are tied down with permissions. I understand in reality it provides no real extra security but somehow users being able to easily view something they don't have access to execute beyond it's name just feels wrong.
>
> This is one of those threads that reappears like magic every six
> months or so. The last round of discussion went longer than normal
> including a couple of routes to implementation.
>
> One big reason why nothing hasn't been done is that there is a decent
> 'low tech' obfuscation tactic already: remove select access from
> pg_proc to the user accounts in question and 'public'. This will
> essentially disable casual browsing of procedure code from user
> accounts.
>
> Any real solution should focus on:
> *) key management (any serious discussion with encryption starts here)
> *) other things you can do with function source besides encryption
>
> for example, take a look at one idea I had (not at all vetted, but a start):
> http://archives.postgresql.org/pgsql-performance/2007-12/msg00337.php
>
> merlin
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2008-09-23 20:09:14 | Re: [GENERAL] 8.3.4 rpms for Opensuse10.3 64bit |
| Previous Message | Peter Eisentraut | 2008-09-23 19:48:31 | Re: [GENERAL] 8.3.4 rpms for Opensuse10.3 64bit |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Treat | 2008-09-24 02:44:41 | Re: Bad link for win32/latest |
| Previous Message | Josh Berkus | 2008-09-23 18:08:58 | Bad link for win32/latest |