Obfuscated definitions of database objects

Charles,

I want to know if there is any plan in future versions
of PG to obfuscate the source code of some objects of
the database, specially the functions of the backend ?

I mean the text definition of each function or perhaps
even triggers of the database.

Not seriously, no. Security by obscurity is not terribly effective, so adding
a method to conceal function defintions has never been a high priority for
the project, especially as it would introduce multiple complications in other
code. The only thing we've seriously discussed is the possiblity of not
displaying function definitions to roles which don't have any permissions on
the function. But I don't know anyone who's actually writing code for that.

Thing is, if you have a highly knowledgable hostile user who has a valid psql
login then you have problems well beyond them seeing your function
definitions.

But if you really think this is the strategy for your application, I suggest
that you write your functions in C and compile them, which will give you some
degree of obfuscation. Or give SEPostgres a try if you really want to lock
down your DB application.

--
Josh Berkus
PostgreSQL @ Sun
San Francisco

On Fri, Aug 24, 2007 at 04:59:13PM +0200, Charles N. Charotti wrote:

I want to know if there is any plan in future versions
of PG to obfuscate the source code of some objects of
the database, specially the functions of the backend ?

There have been requests for this, but AFAIK nobody has committed to
doing it.

A

--
Andrew Sullivan | ajs@crankycanuck.ca
In the future this spectacle of the middle classes shocking the avant-
garde will probably become the textbook definition of Postmodernism.
--Brad Holland

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Charles N. Charotti wrote:

Hi Everybody,

I want to know if there is any plan in future versions
of PG to obfuscate the source code of some objects of
the database, specially the functions of the backend ?

Functions in the backend written with most of the standard pl langauges
are interpreted. Thus no, they are plain text.

If you need obfuscation (and you don't, you just think you do, no
offense) use C.

Sincerely,

Joshua D. Drake

- --

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997 http://www.commandprompt.com/
UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzwrGATb/zqfZUUQRAphWAKCcq/RqRBabxKaqmaFHWbmqARITKgCfQcFg
Rg9u49kQcbVHz2ghhD3ZOd0=
=b+yg
-----END PGP SIGNATURE-----

Charles N. Charotti wrote:

Hi Everybody,

I want to know if there is any plan in future versions
of PG to obfuscate the source code of some objects of
the database, specially the functions of the backend ?

I mean the text definition of each function or perhaps
even triggers of the database.

Just in case, somebody knows of an already existing
third party product that actually does it, please let
me know.

See http://archives.postgresql.org/pgsql-hackers/2007-08/msg00258.php
for Tom Lane's suggestion of how to do this. And no, I can't see it ever
being supported in core PostgreSQL.

cheers

andrew

* Joshua D. Drake:

If you need obfuscation (and you don't, you just think you do, no
offense) use C.

Or put the relevant code into some package/module/whatever, stored on
the file system, and include that.

--
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99