On Sep 25, 2008, at 1:05 PM, Casey Allen Shobe wrote:
> As for the expectation above - could pl/pgsql be made compilable?
Without getting into the argument as to the level of security
provided, it strikes me that a reasonable approach would be a non-
core pluggable language which accepts encrypted strings as functions,
decrypts them (using a key compiled into the language module), and
passes them on to PL/pgSQL for execution. This would keep the
functionality out of core, allow the developer who distributes the
code to plop in their own key and distribute the code as a compiled
module, and minimizes reimplementation.
This would, of course, be easily hacked with someone who can step
through the language module with a debugger, but I don't see any
reasonable way of preventing someone with that level of access from
breaking the code without OS-level support.
