Re: WIP: plpgsql source code obfuscation - Mailing list pgsql-patches
From | Bruce Momjian |
---|---|
Subject | Re: WIP: plpgsql source code obfuscation |
Date | |
Msg-id | 200804070214.m372E1R26880@momjian.us Whole thread Raw |
In response to | WIP: plpgsql source code obfuscation ("Pavel Stehule" <pavel.stehule@gmail.com>) |
Responses |
Re: WIP: plpgsql source code obfuscation
|
List | pgsql-patches |
Added to TODO: o Add ability to obfuscate function bodies http://archives.postgresql.org/pgsql-patches/2008-01/msg00125.php --------------------------------------------------------------------------- Pavel Stehule wrote: > Hello > > this patch define new function flag - OBFUSCATE. With this flag > encrypted source code is stored to probin column. Password is stored > in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server > does (where privileged users can access system tables with source code > or can use debugger). > > ToDo: Dump > > Sample: > > postgres=# show obfuscator_password; > obfuscator_password > ----------------------- > moje supertajne heslo > (1 row) > > postgres=# \x > Expanded display is on. > postgres=# create or replace function fx() returns int as $$begin > return -1; end; $$ language plpgsql; > CREATE FUNCTION > postgres=# \df+ fx > List of functions > -[ RECORD 1 ]-------+----------------------- > Schema | public > Name | fx > Result data type | integer > Argument data types | > Volatility | volatile > Owner | bob > Language | plpgsql > Source code | begin return -1; end; > Description | > > postgres=# ALTER FUNCTION fx() obfuscate; > NOTICE: begin return -1; end; > ALTER FUNCTION > postgres=# \df+ fx > List of functions > -[ RECORD 1 ]-------+--------- > Schema | public > Name | fx > Result data type | integer > Argument data types | > Volatility | volatile > Owner | bob > Language | plpgsql > Source code | - > Description | > > postgres=# select fx(); > -[ RECORD 1 ] > fx | -1 > > postgres=# create or replace function fx() returns int as $$begin > return -1; end; $$ language plpgsql obfuscate; > CREATE FUNCTION > postgres=# select fx(); > -[ RECORD 1 ] > fx | -1 > > postgres=# \df+ fx > List of functions > -[ RECORD 1 ]-------+--------- > Schema | public > Name | fx > Result data type | integer > Argument data types | > Volatility | volatile > Owner | bob > Language | plpgsql > Source code | - > Description | > > postgres=# select * from pg_proc where proname = 'fx'; > -[ RECORD 1 ]--+---------------------------------------------------------------------------- > proname | fx > pronamespace | 2200 > proowner | 16385 > prolang | 16421 > procost | 100 > prorows | 0 > proisagg | f > prosecdef | f > proisstrict | f > proretset | f > provolatile | v > pronargs | 0 > prorettype | 23 > proargtypes | > proallargtypes | > proargmodes | > proargnames | > prosrc | - > probin | > \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222 > proconfig | > proacl | > > > [pavel@okbob-bb ~]$ psql -U bob postgres > Welcome to psql 8.3RC2, the PostgreSQL interactive terminal. > > Type: \copyright for distribution terms > \h for help with SQL commands > \? for help with psql commands > \g or terminate with semicolon to execute query > \q to quit > > postgres=> \x > Expanded display is on. > postgres=> show obfuscator_password; > ERROR: must be superuser to examine "obfuscator_password" > postgres=> select fx(); > -[ RECORD 1 ] > fx | -1 > > postgres=> \df+ fx > List of functions > -[ RECORD 1 ]-------+--------- > Schema | public > Name | fx > Result data type | integer > Argument data types | > Volatility | volatile > Owner | bob > Language | plpgsql > Source code | - > Description | > > postgres=> select * from pg_proc where proname = 'fx'; > -[ RECORD 1 ]--+---------------------------------------------------------------------------- > proname | fx > pronamespace | 2200 > proowner | 16385 > prolang | 16421 > procost | 100 > prorows | 0 > proisagg | f > prosecdef | f > proisstrict | f > proretset | f > provolatile | v > pronargs | 0 > prorettype | 23 > proargtypes | > proallargtypes | > proargmodes | > proargnames | > prosrc | - > probin | > \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222 > proconfig | > proacl | [ Attachment, skipping... ] > > ---------------------------(end of broadcast)--------------------------- > TIP 2: Don't 'kill -9' the postmaster -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
pgsql-patches by date: