Anyone who's followed the support list for a decade or so knows that developers frequently ask how they can protect the source of their procedures. And, likewise, that the answer is that the esssence of the procedure is the BLR and must be readable to be used, so the best option is to mask the problem by setting the source to NULL. Beyond that, Carlos Cantu has unusual insight in that he offers a wealth of support and information for Firebird developers in Brazil, one of the countries that uses Firebird the most.
Nothing in Firebird uses the content of RDB$SOURCE fields except the code in ISQL that extracts schemas. Setting the source to null is not secure, but it is a technique that has been used widely for the whole history of Firebird. It's similar to the Java class obfuscators in that reverse compiling BLR isn't impossible, but it deters the lazy. That said, blocking user writes to the system tables is a good thing. Writeable system tables were a cute idea in the early eighties, using the database methods to run the database. In the wider world (and the world is much wider now) writeable system tables are a disaster waiting to happen. However, there's a cost to change, even change for the better. When possible, change should techniques that preserve current capabilities. How hard would it be to add clauses [WITH [OUT] SOURCE] to CREATE and ALTER statements plus [DROP SOURCE] to the ALTER statements? (Including, of course, RECREATE and all it's varients). If that would hold up V3, then promise it for 3.01 and let developers who worry about theft wait one release. Changing Firebird to a direct SQL engine won't be materially affected. As Mark Rotteveel noted, complex system objects are likely to have two representations - SQL source and partially compiled - for efficiency and to allow developers to hide their work. Cheers, Ann Don't get me started on encrypting the system tables, or I'll trot out the old politically incorrect story. ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
