On Thu, Aug 09, 2007 at 04:34:48PM +0200, Peter Eisentraut wrote: > Am Donnerstag, 9. August 2007 16:09 schrieb Hans-Juergen Schoenig: > > the idea is basically to hide codes - many companies want that and ? > > ask for it again and again. > > If you want to design a security feature, you need to offer a threat and risk > analysis, not just the whining of customers.
This isn't as much a security feature as a means for people to keep their code private. To some degree you could just get away with storing nothing but a parsed representation of the code, though of course someone could always decompile that. There's a non-trivial amount of work involved in handling key management, etc, so I think we don't want to try and build that in. What would be interesting is providing hooks for en/decrypting function code and having the backend call those hooks as appropriate. That should allow someone to develop the ability to encrypt the code in the database outside of the backend. -- Decibel!, aka Jim Nasby [EMAIL PROTECTED] EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
pgpZN0BTyzThA.pgp
Description: PGP signature
