Re: viewing source code - Mailing list pgsql-performance

From Tom Lane
Subject Re: viewing source code
Date
Msg-id 20377.1198191718@sss.pgh.pa.us
Whole thread Raw
In response to Re: viewing source code  ("Merlin Moncure" <mmoncure@gmail.com>)
Responses Re: viewing source code
Re: viewing source code
Re: viewing source code
List pgsql-performance
"Merlin Moncure" <mmoncure@gmail.com> writes:
> I don't really agree that wrapping pl/pgsql with encryptor/decryptor
> is a bad idea.

It's quite a good idea, because it has more than zero chance of
succeeding politically in the community.

The fundamental reason why preventing access to pg_proc.prosrc won't
happen is this: all the pain (and there will be plenty) will be
inflicted on people who get none of the benefit (because they don't give
a damn about hiding their own functions' code).  The folks who want
function hiding can shout all they want, but as long as there is a very
sizable fraction of the community who flat out *don't* want it, it's
not going to get applied.

Encrypted function bodies avoid this problem because they inflict no
performance penalty, operational complexity, or client-code breakage
on people who don't use the feature.  They are arguably also a better
solution because they can guard against more sorts of threats than
a column-hiding solution can.

I don't deny that the key-management problem is interesting, but it
seems soluble; moreover, the difficulties that people have pointed to
are nothing but an attempt to move the goalposts, because they
correspond to requirements that a column-hiding solution would never
meet at all.

So if you want something other than endless arguments to happen,
come up with a nice key-management design for encrypted function
bodies.

            regards, tom lane

pgsql-performance by date:

Previous
From: "Merlin Moncure"
Date:
Subject: Re: viewing source code
Next
From: "Harald Armin Massa"
Date:
Subject: Re: viewing source code