Re: WIP: plpgsql source code obfuscation - Mailing list pgsql-patches

From Andrew Dunstan
Subject Re: WIP: plpgsql source code obfuscation
Date
Msg-id 479DECFC.7070502@dunslane.net
Whole thread Raw
In response to WIP: plpgsql source code obfuscation  ("Pavel Stehule" <pavel.stehule@gmail.com>)
Responses Re: WIP: plpgsql source code obfuscation  ("Pavel Stehule" <pavel.stehule@gmail.com>)
Re: WIP: plpgsql source code obfuscation  (Gregory Stark <stark@enterprisedb.com>)
Re: WIP: plpgsql source code obfuscation  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-patches

Pavel Stehule wrote:
> Hello
>
> this patch define new function flag - OBFUSCATE. With this flag
> encrypted source code is stored to probin column. Password is stored
> in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server
> does (where privileged users can access system tables with source code
> or can use debugger)
>
> ToDo: Dump
>

Maybe a better TODO would be to do this task in the way that has
previously been suggested:
http://archives.postgresql.org/pgsql-hackers/2007-08/msg00258.php

I'm certainly not happy about any proposal to put a password/key in a
GUC var - that strikes me as a major footgun.

cheers

andrew



pgsql-patches by date:

Previous
From: "Pavel Stehule"
Date:
Subject: Re: WIP: plpgsql source code obfuscation
Next
From: "Pavel Stehule"
Date:
Subject: Re: WIP: plpgsql source code obfuscation