David, > That some "larger organizations" choose to use the known-unsafe method > of security by obscurity is not a reason for anybody here to expend > any effort helping them persist in this illusion: quite the opposite, > in fact. "Larger organizations" are likely to have security needs > which they actually need to address, not to pretend they've addressed > while actually making things easy for attackers.
Hmmm, I agree with Merlin, I think. It would be nice if users who didn't have permission to EXECUTE functions couldn't view their code, either. This would probably carry a performance penalty, though. Users with EXECUTE permission not being able to see code just isn't practical; we support too many interpreted languages. If this is a concern, use C functions and compile binaries. That's secure. -- Josh Berkus Aglio Database Solutions San Francisco ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly