David,

> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact. "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.

Hmmm, I agree with Merlin, I think. It would be nice if users who didn't have
permission to EXECUTE functions couldn't view their code, either. This would
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical;
we support too many interpreted languages. If this is a concern, use C
functions and compile binaries. That's secure.

--
Josh Berkus
Aglio Database Solutions
San Francisco

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly