On Tue, Sep 16, 2008 at 9:15 AM, Glyn Astill <[EMAIL PROTECTED]> wrote:
>
> As much as I'm impressed with the "we do it properly or not at all" attitude, 
> it'd be nice if there was an option to stop the casual user from viewing code.
>
> I'll admit to obfuscating bits and pieces using C, even though the function 
> and everything it acts on are tied down with permissions. I understand in 
> reality it provides no real extra security but somehow users being able to 
> easily view something they don't have access to execute beyond its name just 
> feels wrong.

This is one of those threads that reappears like magic every six
months or so.  The last round of discussion went longer than normal
including a couple of routes to implementation.

One big reason why nothing has been done is that there is a decent
'low tech' obfuscation tactic already: remove select access from
pg_proc to the user accounts in question and 'public'.  This will
essentially disable casual browsing of procedure code from user
accounts.

Any real solution should focus on:
*) key management (any serious discussion with encryption starts here)
*) other things you can do with function source besides encryption

for example, take a look at one idea I had (not at all vetted, but a start):
http://archives.postgresql.org/pgsql-performance/2007-12/msg00337.php

merlin
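
The pg_proc tactic described in the message above, written out as an added example (not part of the original post). The role names app_user and dba_role are assumptions; the statements must be run as a superuser in each database, since pg_proc is a per-database catalog.

```sql
-- Added example: hide function source from casual browsing by removing
-- SELECT on pg_proc. app_user and dba_role are hypothetical role names.
BEGIN;

-- pg_proc is readable by PUBLIC by default, so a revoke aimed only at one
-- role changes nothing while the PUBLIC grant is still in place.
REVOKE SELECT ON pg_catalog.pg_proc FROM PUBLIC;
REVOKE SELECT ON pg_catalog.pg_proc FROM app_user;

-- Hand catalog access back explicitly to roles that maintain the code.
GRANT SELECT ON pg_catalog.pg_proc TO dba_role;

-- Check the effective privilege per role before committing.
-- Expected: false for app_user, true for dba_role (as long as app_user
-- is not a member of dba_role, in which case it inherits the grant).
SELECT r.rolname,
       has_table_privilege(r.rolname, 'pg_catalog.pg_proc', 'SELECT')
           AS can_read_pg_proc
FROM pg_catalog.pg_roles AS r
WHERE r.rolname IN ('app_user', 'dba_role')
ORDER BY r.rolname;

COMMIT;
```

Roles without the privilege can still call functions they have EXECUTE on, but client features that query pg_proc directly, such as psql's \df, will fail for them with a permission error.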
