Re: Hide source code - Mailing list pgsql-hackers

From Josh Berkus
Subject Re: Hide source code
Date
Msg-id 200507110927.19571.josh@agliodbs.com
Whole thread Raw
In response to Re: Hide source code  (David Fetter <david@fetter.org>)
Responses Re: Hide source code
List pgsql-hackers
David,

> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact.  "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.

Hmmm, I agree with Merlin, I think.  It would be nice if users who didn't have 
permission to EXECUTE functions couldn't view their code, either. This would 
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical; 
we support too many interpreted languages.  If this is a concern, use C 
functions and compile binaries.  That's secure.

-- 
Josh Berkus
Aglio Database Solutions
San Francisco


pgsql-hackers by date:

Previous
From: Ferruccio Zamuner
Date:
Subject: Re: fetch_search_path() and elog.c
Next
From: Marko Kreen
Date:
Subject: Re: 4 pgcrypto regressions failures - 1 unsolved