-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 14 Dec 2007 11:18:49 -0500
Bill Moran <wmoran@collaborativefusion.com> wrote:
> > That is like saying anyone that has rights to call a web service
> > should be able to see the source code for it.
>
> I think that's a good idea. If vendors were forced publish their
> code, we'd have less boneheaded security breaches.
Not all closed source code is subject to boneheaded security breaches.
I believe that this individuals request is a valid one from a business
requirements perspective.
>
> > There should be the ability to create
> > some level of abstraction when appropriate.
>
> I agree. If vendors want to have boneheaded security breaches, they
> should be allowed.
It is not up to your or me to make the determination of what people are
able to do with their code.
>
> > However, in the current configuration, all users with permission to
> > log in can see all source code. They don't have rights to execute
> > the functions but they can see the source code for them. Shouldn't
> > I be able to revoke both the ability to execute and the ability to
> > see functions?
Yes and know. If your functions are interpreted then no, I don't see
any reason for this feature, e.g; python,perl,plpgsql,sql,ruby. I can
read them on disk anyway.
If you want to obfuscate your code I suggest you use a compilable form
or a code obfuscation module for your functions (which can be had for
at least python, I am sure others as well).
Sincerely,
Joshua D. Drake
- --
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHYrejATb/zqfZUUQRAjd7AJ9iCqsvsB/7FfvUeLkpCUZ4/14/+wCcCD+w
Z4kjQ44yOgfR4ph0SKkUuUI=
=v3Fz
-----END PGP SIGNATURE-----
