Roberts, Jon wrote:
Alvaro Herrera pointed out that pg_read_file requires superuser access which
these users won't have so revoking access to the function code should be
possible.
Joshua D. Drake suggested revoking pg_proc but that isn't the source code,
it just has the definition of the functions.
Actually I suggested using a obfuscation module.
If it isn't a feature today, what table has the source code in it? Maybe I
can revoke that.
If your pl is perl or plpgsql it will be in the prosrc (pro_src?) column
in pg_proc.
Joshua D. Drake
Jon
-----Original Message-----
From: Jonah H. Harris [mailto:jonah.harris@xxxxxxxxx]
Sent: Friday, December 14, 2007 3:04 PM
To: Bill Moran
Cc: Joshua D. Drake; Roberts, Jon; pgsql-performance@xxxxxxxxxxxxxx
Subject: Re: viewing source code
On Dec 14, 2007 2:03 PM, Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx>
wrote:
I disagree here. If they're connecting remotely to PG, they have no
direct access to the disk.
pg_read_file?
--
Jonah H. Harris, Sr. Software Architect | phone: 732.331.1324
EnterpriseDB Corporation | fax: 732.331.1301
499 Thornall Street, 2nd Floor | jonah.harris@xxxxxxxxxxxxxxxx
Edison, NJ 08837 | http://www.enterprisedb.com/
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
