"Merlin Moncure" <mmoncure@gmail.com> writes:
> ... IIRC the general
> conclusion was that if you want to truly encrypt the sources for your
> functions, the basic idea is to create a new stored procedure language
> that wraps pl/pgsql and handles encryption there.
> This would be relatively easy to support as an external module, I think.
Yeah, I was about to make that same suggestion: it's not clear to me
that you need any support whatsoever from the core project for this.
Make a loadable PL "plpgsqlsec" or something like that that's just
a thin wrapper around the plpgsql call handler, and all it does is
decrypt the source text.
It's not clear exactly where the *en*cryption should happen, but
one possibility is to have the new PL have a validator function that
does an immediate UPDATE on the pg_proc row if the text isn't already
encrypted.
The encrypted representation would need to work like MD5 passwords:
it's ASCII so that dumps will work, and it's possible to tell whether a
given string is encrypted or not.
Given the very limited use-case for what's being suggested here,
I don't feel a need to put it in core.
regards, tom lane
