Is it possible yet in PostgreSQL to hide the source code of functions from
users based on role membership? I would like to avoid converting the code
to C to secure the source code and I don't want it obfuscated either.

In an ideal world, if a user can't modify a function, he/she shouldn't be
able to see the source code. If the user can execute the function, then the
user should be able to see the signature of the function but not the body.

Thanks!


Jon

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org

In response to "Roberts, Jon" <Jon.Roberts@asurion.com>:

> Is it possible yet in PostgreSQL to hide the source code of functions from
> users based on role membership? I would like to avoid converting the code
> to C to secure the source code and I don't want it obfuscated either.
>
> In an ideal world, if a user can't modify a function, he/she shouldn't be
> able to see the source code. If the user can execute the function, then the
> user should be able to see the signature of the function but not the body.

I doubt that's going to happen. Mainly because I disagree completely
with your ideal world description (any user who can execute a function
should have the right to examine it to see what it actually does).

I suspect that others would agree with me, the result being that there's
no universally-agreed-on approach. As a result, what _really_ needs to
be done is an extra permission bit added to functions so administrators
can control who can view the function body.

--
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/

wmoran@collaborativefusion.com
Phone: 412-422-3463x4023

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

Roberts, Jon <Jon.Roberts@asurion.com> schrieb:

> Is it possible yet in PostgreSQL to hide the source code of functions from
> users based on role membership? I would like to avoid converting the code
> to C to secure the source code and I don't want it obfuscated either.

Some days ago i have seen a pl/pgsql- code - obfuscator, iirc somewhere
under http://www.pgsql.cz/index.php/PostgreSQL, but i don't know how it
works, and i can't find the correkt link now, i'm sorry...

(maybe next week in the browser-history, my pc@work)


Andreas
--
Really, I'm not out to destroy Microsoft. That will just be a completely
unintentional side effect. (Linus Torvalds)
"If I was god, I would recompile penguin with --enable-fly." (unknow)
Kaufbach, Saxony, Germany, Europe. N 51.05082°, E 13.56889°

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

On Dec 14, 2007 4:24 PM, Andreas Kretschmer <akretschmer@spamfence.net> wrote:
> Some days ago i have seen a pl/pgsql- code - obfuscator, iirc somewhere
> under http://www.pgsql.cz/index.php/PostgreSQL, but i don't know how it
> works, and i can't find the correkt link now, i'm sorry...

I started one awhile ago... but it may have been part of my mass purge
for disk space. I searched that site and can't find one... but it
would be a nice-to-have for a lot of users. Of course, I know it's
easy to get around obfuscation, but it makes people *think* it's
secure, and as JD always says, it just makes it difficult for the
average user to understand what it's doing.

--
Jonah H. Harris, Sr. Software Architect | phone: 732.331.1324
EnterpriseDB Corporation | fax: 732.331.1301
499 Thornall Street, 2nd Floor | jonah.harris@enterprisedb.com
Edison, NJ 08837 | http://www.enterprisedb.com/

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq