On Tue, Sep 16, 2008 at 9:15 AM, Glyn Astill <glynastill@xxxxxxxxxxx> wrote: > > As much as I'm impressed with the "we do it properly or not at all" attitude, it'd be nice if there was an option to stop the casual user from viewing code. > > I'll admit to obfusicating bits and pieces using C, even though the function and everything it acts on are tied down with permissions. I understand in reality it provides no real extra security but somehow users being able to easily view something they don't have access to execute beyond it's name just feels wrong. This is one of those threads that reappears like magic every six months or so. The last round of discussion went longer than normal including a couple of routes to implementation. One big reason why nothing hasn't been done is that there is a decent 'low tech' obfuscation tactic already: remove select access from pg_proc to the user accounts in question and 'public'. This will essentially disable casual browsing of procedure code from user accounts. Any real solution should focus on: *) key management (any serious discussion with encryption starts here) *) other things you can do with function source besides encryption for example, take a look at one idea I had (not at all vetted, but a start): http://archives.postgresql.org/pgsql-performance/2007-12/msg00337.php merlin
