| From: | Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> |
|---|---|
| To: | Hans-Juergen Schoenig <postgres(at)cybertec(dot)at> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: crypting prosrc in pg_proc |
| Date: | 2007-08-09 14:50:53 |
| Message-ID: | 46BB29CD.1010003@sun.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hans-Juergen Schoenig napsal(a):
> the idea is basically to hide codes - many companies want that and ask
> for it again and again.
>
> i would suggest keys to reside in $PGDATA. we do this for SSL and so
> already.
>
> initdb could create such keys so that they are unique to every database
> instance.
> decrypting could be avoided as much as possible basically we should just
> decrypt on first all and when it changes.
But, Companies want to hide code also because they distribute their software. If
you store key somewhere on server, user will be able to decrypt the original
code. If I remember correctly Oracle wrap generates something like bytecode and
each Oracle installation is able to understand them. But It is not possible
decode it back to original form.
My suggestion is to extend PL API and each PL language should offer wrap or
encrypt function which generate encrypted code and this code will be store in
the pg_proc. PL language will be responsible to detect if it raw or crypted
code. PG_Dump will dump crypted procedure and author is responsible keep his
uncrypted version in source repository.
Zdenek
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Decibel! | 2007-08-09 14:53:24 | Re: GUC for default heap fillfactor |
| Previous Message | korry.douglas | 2007-08-09 14:47:43 | Re: crypting prosrc in pg_proc |