Re: WIP: plpgsql source code obfuscation - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: WIP: plpgsql source code obfuscation
Msg-id 200804070214.m372E1R26880@momjian.us
In response to WIP: plpgsql source code obfuscation  ("Pavel Stehule" <pavel.stehule@gmail.com>)
Responses Re: WIP: plpgsql source code obfuscation
List pgsql-patches
Added to TODO:

        o Add ability to obfuscate function bodies

          http://archives.postgresql.org/pgsql-patches/2008-01/msg00125.php


---------------------------------------------------------------------------

Pavel Stehule wrote:
> Hello
>
> This patch defines a new function flag - OBFUSCATE. With this flag,
> encrypted source code is stored in the probin column. The password is
> stored in a GUC_SUPERUSER_ONLY item - it is similar security to what SQL
> Server does (where privileged users can access system tables with source
> code or can use a debugger).
>
> ToDo: Dump
>
> Sample:
>
> postgres=# show obfuscator_password;
>   obfuscator_password
> -----------------------
>  moje supertajne heslo
> (1 row)
>
> postgres=# \x
> Expanded display is on.
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql;
> CREATE FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+-----------------------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | begin return -1; end;
> Description         |
>
> postgres=# ALTER FUNCTION fx() obfuscate;
> NOTICE:  begin return -1; end;
> ALTER FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
>
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql obfuscate;
> CREATE FUNCTION
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
>
> postgres=# select * from pg_proc where proname = 'fx';
> -[ RECORD 1 ]--+----------------------------------------------------------------------------
> proname        | fx
> pronamespace   | 2200
> proowner       | 16385
> prolang        | 16421
> procost        | 100
> prorows        | 0
> proisagg       | f
> prosecdef      | f
> proisstrict    | f
> proretset      | f
> provolatile    | v
> pronargs       | 0
> prorettype     | 23
> proargtypes    |
> proallargtypes |
> proargmodes    |
> proargnames    |
> prosrc         | -
> probin         |
> \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig      |
> proacl         |
>
>
> [pavel@okbob-bb ~]$ psql -U bob postgres
> Welcome to psql 8.3RC2, the PostgreSQL interactive terminal.
>
> Type:  \copyright for distribution terms
>        \h for help with SQL commands
>        \? for help with psql commands
>        \g or terminate with semicolon to execute query
>        \q to quit
>
> postgres=> \x
> Expanded display is on.
> postgres=> show obfuscator_password;
> ERROR:  must be superuser to examine "obfuscator_password"
> postgres=> select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=> \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
>
> postgres=> select * from pg_proc where proname = 'fx';
> -[ RECORD 1 ]--+----------------------------------------------------------------------------
> proname        | fx
> pronamespace   | 2200
> proowner       | 16385
> prolang        | 16421
> procost        | 100
> prorows        | 0
> proisagg       | f
> prosecdef      | f
> proisstrict    | f
> proretset      | f
> provolatile    | v
> pronargs       | 0
> prorettype     | 23
> proargtypes    |
> proallargtypes |
> proargmodes    |
> proargnames    |
> prosrc         | -
> probin         |
> \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig      |
> proacl         |

[ Attachment, skipping... ]


--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
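
An added example, not part of the original message or of the patch: a small Python parser for the expanded-display `pg_proc` record shown in the quoted session. It decodes the bytea escape output in `probin` and lists functions that carry the patch's `-` placeholder in `prosrc`. The function names are hypothetical, and the sample record is constructed from the quoted output with the `probin` value rejoined onto its own line.

```python
import re

# Constructed sample: the pg_proc record from the quoted session, trimmed to
# the relevant columns, with the probin value rejoined onto its own line.
SAMPLE = r"""
-[ RECORD 1 ]--+------------------------------
proname        | fx
prolang        | 16421
prosrc         | -
probin         | \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
proconfig      |
"""

def parse_expanded(text):
    """Split psql expanded-display (\\x) output into one dict per record."""
    records = []
    for line in text.splitlines():
        if line.startswith("-[ RECORD"):
            records.append({})
        elif "|" in line and records:
            key, _, value = line.partition("|")
            records[-1][key.strip()] = value.strip()
    return records

def decode_bytea_escape(value):
    """Decode bytea 'escape' output: \\nnn is an octal byte, \\\\ a backslash."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] != "\\":
            out.append(ord(value[i]))          # printable byte shown as-is
            i += 1
        elif value[i + 1:i + 2] == "\\":
            out.append(0x5C)                   # doubled backslash
            i += 2
        elif re.fullmatch(r"[0-3][0-7]{2}", value[i + 1:i + 4]):
            out.append(int(value[i + 1:i + 4], 8))
            i += 4
        else:
            raise ValueError(f"bad escape at offset {i}")
    return bytes(out)

def obfuscated_functions(text):
    """Return (name, raw probin bytes) for rows with prosrc '-' and a non-empty probin."""
    hits = []
    for rec in parse_expanded(text):
        if rec.get("prosrc") == "-" and rec.get("probin"):
            hits.append((rec["proname"], decode_bytea_escape(rec["probin"])))
    return hits
```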
