> -----Original Message-----
> From: Joshua D. Drake [mailto:jd@commandprompt.com]
> Sent: Thursday, December 20, 2007 10:40 AM
> To: Roberts, Jon
> Cc: 'Trevor Talbot'; Kris Jurka; Merlin Moncure; Jonah H. Harris; Bill
> Moran; pgsql-performance@postgresql.org
> Subject: Re: [PERFORM] viewing source code
>
> Roberts, Jon wrote:
> >
> >
> > This really is a needed feature to make PostgreSQL more attractive to
> > businesses. A more robust security model that better follows commercial
> > products is needed for adoption.
> >
>
> I would argue that commercial products need to get a clue and stop
> playing bondage with their users to help stop their imminent and frankly
> obvious downfall from the Open Source competition.
>
> This "feature" as it is called can be developed externally and has zero
> reason to exist within PostgreSQL. If the feature has the level of
> demand that people think that it does, then the external project will be
> very successful and that's cool.
>
I am obviously hitting on the nerve of the open source community because it
contradicts the notion that all source code should be open. However, data
needs to be protected. I don't want to share with the world my social
security number. I also don't want to share with the world my code I use to
manipulate data. My code is an extension of the data and is useless without
data.
Businesses use databases like crazy. Non-technical people write their own
code to analyze data. The stuff they write many times is as valuable as the
data itself and should be protected like the data. They don't need or want
many times to go through a middle tier to analyze data or through the hassle
to obfuscate the code.
I think it is foolish to not make PostgreSQL as feature rich when it comes
to security as the competition because you are idealistic when it comes to
the concept of source code. PostgreSQL is better in many ways to MS SQL
Server and equal to many features of Oracle but when it comes to security,
it is closer to MS Access.
Jon