Re: WIP: plpgsql source code obfuscation - Mailing list pgsql-patches

From Tom Lane
Subject Re: WIP: plpgsql source code obfuscation
Date
Msg-id 4424.1201543128@sss.pgh.pa.us
Whole thread Raw
In response to Re: WIP: plpgsql source code obfuscation  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: WIP: plpgsql source code obfuscation
Re: WIP: plpgsql source code obfuscation
List pgsql-patches
Andrew Dunstan <andrew@dunslane.net> writes:
> Maybe a better TODO would be to do this task in the way that has
> previously been suggested:
> http://archives.postgresql.org/pgsql-hackers/2007-08/msg00258.php
> I'm certainly not happy about any proposal to put a password/key in a
> GUC var - that strikes me as a major footgun.

We didn't really have a better solution to the key management problem,
though, did we?  At least I don't see anything about it in that thread.

However, I definitely agree that a separate loadable PL is the way to go
for functionality of this sort.  There is no way that a dependency on
pgcrypto is going to be accepted into core, not even in the (ahem)
obfuscated way that it's presented here.

            regards, tom lane

pgsql-patches by date:

Previous
From: "Pavel Stehule"
Date:
Subject: Re: WIP: plpgsql source code obfuscation
Next
From: "Pavel Stehule"
Date:
Subject: Re: WIP: plpgsql source code obfuscation