Re: Obfuscated stored procedures (was Re: Oracle and Postgresql)

From: Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bill Moran <wmoran(at)collaborativefusion(dot)com>
Cc: David Fetter <david(at)fetter(dot)org>, Greg Smith <gsmith(at)gregsmith(dot)com>, Jonathan Bond-Caron <jbondc(at)openmv(dot)com>, 'Postgres General List' <pgsql-general(at)postgresql(dot)org>
Subject: Re: Obfuscated stored procedures (was Re: Oracle and Postgresql)
Date: 2008-09-16 13:15:00
Message-ID: 21405.44191.qm@web25808.mail.ukl.yahoo.com
Lists: pgsql-general pgsql-www

> > Because it's so full of obvious loopholes. Yes, it might slow down
> > someone who didn't have superuser access to the database or root access
> > to the machine it's on; but that doesn't count as secure really. The
> > problem is that the people who ask for this type of feature are usually
> > imagining that they can put their code on customer-controlled machines
> > and it will be safe from the customer's eyes. Well, it isn't, and
> > I don't think Postgres should encourage them to think it is.
>

As much as I'm impressed with the "we do it properly or not at all" attitude, it'd be nice if there was an option to stop the casual user from viewing code.

I'll admit to obfuscating bits and pieces using C, even though the function and everything it acts on are tied down with permissions. I understand in reality it provides no real extra security but somehow users being able to easily view something they don't have access to execute beyond its name just feels wrong.
