Re: viewing source code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Dec 20, 2007 11:30 AM, Roberts, Jon <Jon.Roberts@xxxxxxxxxxx> wrote:
> > -----Original Message-----
> > From: Merlin Moncure [mailto:mmoncure@xxxxxxxxx]
> > Sent: Thursday, December 20, 2007 8:30 AM
> > To: Roberts, Jon
> > Cc: Alvaro Herrera; Trevor Talbot; Joshua D. Drake; Kris Jurka; Jonah H.
> > Harris; Bill Moran; pgsql-performance@xxxxxxxxxxxxxx
> > Subject: Re:  viewing source code
> >
>
> > On Dec 20, 2007 9:07 AM, Roberts, Jon <Jon.Roberts@xxxxxxxxxxx> wrote:
> > > So your suggestion is first to come up with a query that dynamically
> > checks
> > > permissions and create a view for it.  Secondly, change pgAdmin to
> > reference
> > > this view in place of pg_proc.  Actually, it should be extended to all
> >
> > This solution will not work.  It requires cooperation from pgAdmin
> > which is not going to happen and does nothing about psql or direct
> > queries from within pgadmin.  Considered from a security/obfuscation
> > perspective,  its completely ineffective.  As I've said many times,
> > there are only two solutions to this problem:
> >
> > 1. disable permissions to pg_proc and deal with the side effects
> > (mainly, pgadmin being broken).
> >
> > 2. wrap procedure languages in encrypted handler (pl/pgsql_s) so that
> > the procedure code is encrypted in pg_proc.  this is an ideal
> > solution, but the most work.
> >
>
> I think there is an option 3.  Enhance the db to have this feature built in
> which is more inline with commercial databases.  This feature would drive
> adoption of PostgreSQL.  It isn't feasible in most companies to allow
> everyone with access to the database to view all code written by anyone and
> everyone.

option 3 is really option 2. having this option is all the flexibility
you need.  i understand in certain cases you want to prevent code from
being available to see from certain users, but i don't buy the
adoption argument...most people dont actually become aware of
implications of pg_proc until after development has started.  simply
having a choice, either directly community supported or maintained
outside in pgfoundry should be enough.  in the majority of cases, who
can see the code doesn't matter.

i do however strongly disagree that hiding the code is bad in
principle... i was in the past  in this exact situation for business
reasons out of my control (this is why I know the pgadmin route wont
work, i've chased down that angle already), so i'm highly sympathetic
to people who need to do this.  i opted for revoke from pg_proc route,
which, while crude was highly effective.

merlin

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

[Postgresql General]     [Postgresql PHP]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Yosemite]

  Powered by Linux