Greg Smith <gsmith@xxxxxxxxxxxxx> wrote: > > The problem here is that the PostgreSQL community is fully aware how bogus > any encryption method is and doesn't even bother, while Oracle is > perfectly happy selling a solution that is easily bypassed. Don't get me > wrong--the work involved is just difficult enough that I'm sure most > PL/SQL procedures are quite safe from being reversed, and what you get > back again will be kind of crummy code, so that's good enough for your > typical ISV. But the security doesn't stand up to simple scrutiny, and a > highly visible open-source project doing the same quality of > implementation would receive seriously bad press for releasing something > so shoddy. PostgreSQL would be compelled to name it something like > "half-assed obfuscation" in order to make it clear just how limited the > protection actually is, and then you've kind of lost the sales pitch that > motivated the feature in the first place. I don't understand why this is so bloody difficult to implement: Extend SECURITY DEFINER to include allowing only the definer to read the code. What more than that needs to be done to have honest to goodness secure procedures? -- Bill Moran Collaborative Fusion Inc. wmoran@xxxxxxxxxxxxxxxxxxxxxxx Phone: 412-422-3463x4023
