On Aug 9, 2007, at 4:34 PM, Peter Eisentraut wrote:
Am Donnerstag, 9. August 2007 16:09 schrieb Hans-Juergen Schoenig:
the idea is basically to hide codes - many companies want that and
ask for it again and again.
If you want to design a security feature, you need to offer a threat and risk
analysis, not just the whining of customers.
--
Peter Eisentraut
well, the complete analysis is easy - the solution is not.
currently we have basically no option to reduce access to the system tables. this would be hard anyway as we need those tables for basically all kinds of operations.
the problem here is that vendors of appliances don't want people to spider their codes. this is a fact - it is not the idea of open source to do so but bloody reality. in addition to that people are not willing to code everything in C just to hide.
so, there has to be a concept to achieve this for stored procedures somehow.
i am afraid the source level encryption is the easiest thing and most understandable thing to do.
so, better ideas are welcome.
hans
--
Cybertec Geschwinde & Schönig GmbH
Gröhrmühlgasse 26, 2700 Wiener Neustadt
Tel: +43/1/205 10 35 / 340
