On 7/4/06, Joshua D. Drake <jd@xxxxxxxxxxxxxxxxx> wrote:
Although everything you say is accurate Jonah, it will cost more money to defang obfuscated code then non obfuscated code. Thus there is a financial detterant to stealing.
My bet is that it would take < 1 day to turn PL/pgSQL into a code generator, thereby making both the obfuscation and bytecode methods practically worthless. I agree with Tom... if you want to hide the code just write it in C. Of course, you could always take the "proprietary" shell script approach and hide the PL/pgSQL in C code so that, upon execution, the C code generates and calls the PL/pgSQL function and removes it on exit... but still, it wouldn't really be that hard to get around it. I've used Oracle's wrap utility on several products, but I've never really felt that it secured our code... just made it *very* difficult to decompile. I've never used obfuscation because I know how easy it is to hack one of the C or Java compilers to make the code much more readable and understandable. Just my 2 cents... but if someone wants to add obfuscation functionality to PL/pgSQL, by all means go for it. -- Jonah H. Harris, Software Architect | phone: 732.331.1300 EnterpriseDB Corporation | fax: 732.331.1301 33 Wood Ave S, 2nd Floor | jharris@xxxxxxxxxxxxxxxx Iselin, New Jersey 08830 | http://www.enterprisedb.com/
