Re: crypting prosrc in pg_proc - Mailing list pgsql-hackers

From Zdenek Kotala
Subject Re: crypting prosrc in pg_proc
Date
Msg-id 46BB29CD.1010003@sun.com
Whole thread Raw
In response to Re: crypting prosrc in pg_proc  (Hans-Juergen Schoenig <postgres@cybertec.at>)
Responses Re: crypting prosrc in pg_proc
Re: crypting prosrc in pg_proc
Re: crypting prosrc in pg_proc
List pgsql-hackers
Hans-Juergen Schoenig napsal(a):
> the idea is basically to hide codes - many companies want that and ask 
> for it again and again.
> 
> i would suggest keys to reside in $PGDATA. we do this for SSL and so 
> already.
> 
> initdb could create such keys so that they are unique to every database 
> instance.
> decrypting could be avoided as much as possible basically we should just 
> decrypt on first all and when it changes.

But, Companies want to hide code also because they distribute their software. If 
you store key somewhere on server, user will be able to decrypt the original 
code.  If I remember correctly Oracle wrap generates something like bytecode and 
each Oracle installation is able to understand them. But It is not possible 
decode it back to original form.


My suggestion is to extend PL API and each PL language should offer wrap or 
encrypt function which generate encrypted code and this code will be store in 
the pg_proc. PL language will be responsible to detect if it raw or crypted 
code. PG_Dump will dump crypted procedure and author is responsible keep his 
uncrypted version in source repository.

    Zdenek


pgsql-hackers by date:

Previous
From: Decibel!
Date:
Subject: Re: HOT patch, missing things
Next
From: Decibel!
Date:
Subject: Re: GUC for default heap fillfactor