Thread: Deployment of PostgreSQL Applications

Deployment of PostgreSQL Applications

From
"Mike Arace"
Date:
Hi everyone,

I'm working on a (sorry) closed source application which consists of Java
servlets, beans, and client applications talking to a postgresql database.
Now, lets say I'm interested in bundling this all together and selling it to
customers.

2 questions:

1) Is it legal to bundle Postgresql with another commercial application,
assuming the database will have to be significantly reconfigured and tuned?
(at the application level, not the source code level)  I read over the
licenses I could find on the site and they seemed to imply that the answer
was yes, but I'd like to reaffirm that.

2) More importantly, is it possible to prevent a customer from peeking into
said database once it is deployed on their machine?  A large part of what
makes my application proprietary is the data model in the database, and it'd
be tough to maintain a competative edge when everyone can see exactly how I
do things in the database by logging into their postgres account, adding
some users and changing permissions on their machine.  I really need to make
sure the database is bulletproof before I can begin deployment.

I' very new to postgresql and unix system administration in general, never
having secured a system or played with permissions much in the past.  Any
advice would be greatly appreciated.

Thanks,
Mike

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


Re: Deployment of PostgreSQL Applications

From
"Mitch Vincent"
Date:
> 2) More importantly, is it possible to prevent a customer from peeking
into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and
it'd
> be tough to maintain a competative edge when everyone can see exactly how
I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to
make
> sure the database is bulletproof before I can begin deployment.

    If the people that have your application have physical access (or even
remote superuser access) to the machine on which the database resides then
there is little you could do to prevent a knowledgeable person from getting
anything he/she wanted from the database, circumventing the PostgreSQL
security measures by reading the information right off the disk... I don't
know how hard or easy it would be to get meaningful information this way but
it's always going to be possible when people have superuser/physical access
to the machine.

-Mitch



Re: Deployment of PostgreSQL Applications

From
Doug McNaught
Date:
"Mike Arace" <mikearace@hotmail.com> writes:

> 1) Is it legal to bundle Postgresql with another commercial application,
> assuming the database will have to be significantly reconfigured and tuned?
> (at the application level, not the source code level)  I read over the
> licenses I could find on the site and they seemed to imply that the answer
> was yes, but I'd like to reaffirm that.

Yes, the PG license is BSD, so you can do that.  IANAL, but there
shouldn't be any problem.

> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to make
> sure the database is bulletproof before I can begin deployment.

Fat chance.  Give it up.

Think about it.  It's *their* machine.  They have root.  The PG file
format is, if not documented, reverse-engineerable from freely
available sources.  But they don't even need to do that, since they
can just 'su' to the Postgres user and do whatever.

Even with Oracle or another proprietary DB I don't think you could do
what you want to do, unless you sell them the box, keep root on it
yourself, never let them touch it, and make them go through a web/XML
interface for everything, in which case PG will do just as well.

If you want to prevent them peeking, use legal/contractual means,
because technical ones won't work.

Have fun.

-Doug
--
Free Dmitry Sklyarov!
http://www.freesklyarov.org/

We will return to our regularly scheduled signature shortly.

Re: Deployment of PostgreSQL Applications

From
Bruno Wolff III
Date:
On Fri, Aug 31, 2001 at 08:59:53AM -0400,
  Mike Arace <mikearace@hotmail.com> wrote:
>
> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to make
> sure the database is bulletproof before I can begin deployment.

I don't think that the above is going to be technically possible if the code
is running on machines controlled by your users.

My guess is that either the database has to be run on your machines or
you need some contract that legally prevents your customers from telling
anyone about your data model.

Re: Deployment of PostgreSQL Applications

From
Alex Pilosov
Date:
On Fri, 31 Aug 2001, Mike Arace wrote:

> 1) Is it legal to bundle Postgresql with another commercial application,
> assuming the database will have to be significantly reconfigured and tuned?
> (at the application level, not the source code level)  I read over the
> licenses I could find on the site and they seemed to imply that the answer
> was yes, but I'd like to reaffirm that.
Yes.

> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to make
> sure the database is bulletproof before I can begin deployment.
In general, answer is no. You could try to fake it by not giving customer
password for the database, but they could always poke around your app's
files, or boot postgres single-user. If you change postgres code that it
wouldn't boot singleuser, they can download postgres and recompile it,
removing that restriction.

Its 'security-through-obscurity'. You can prevent them from doing certain
things, but the fact of the matter is, they have the physical access to
the machine, and thus can read raw data on disk to find out what you are
doing.

-alex



Re: Deployment of PostgreSQL Applications

From
"Mikheev, Vadim"
Date:
> 1) Is it legal to bundle Postgresql with another commercial
> application,
> assuming the database will have to be significantly
> reconfigured and tuned?
> (at the application level, not the source code level)  I read
> over the
> licenses I could find on the site and they seemed to imply
> that the answer
> was yes, but I'd like to reaffirm that.

Yes.

> 2) More importantly, is it possible to prevent a customer
> from peeking into
> said database once it is deployed on their machine?  A large
> part of what
> makes my application proprietary is the data model in the
> database, and it'd
> be tough to maintain a competative edge when everyone can see
> exactly how I
> do things in the database by logging into their postgres
> account, adding
> some users and changing permissions on their machine.  I
> really need to make
> sure the database is bulletproof before I can begin deployment.

No way.

Vadim

Re: Deployment of PostgreSQL Applications

From
Martijn van Oosterhout
Date:
On Fri, Aug 31, 2001 at 08:59:53AM -0400, Mike Arace wrote:
> 2 questions:

I'll let someone else handle the first one.

> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to make
> sure the database is bulletproof before I can begin deployment.

It's not really possible to hide a database schema. Once you've logged in,
all the information is there describing all the table and fields. This data
is used by the database itself to process your queries.

You could try to prevent logins into the database but if someone has root on
that machine that's really not hard to get around. At worst they could read
the database files directly.

Seriously though, I'm wondering about your situation, who owns the data in
the database? If it's your customer then shouldn't they have access to it?
You talk about the data model. Is it really such a special data model that
nobody else has thought of it before?

P.S. Fortunatly, you can't patent database schemas last time I checked so at
least the world is safe from that.

--
Martijn van Oosterhout <kleptog@svana.org>
http://svana.org/kleptog/
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.

Re: Deployment of PostgreSQL Applications

From
"Steve Wolfe"
Date:
> > 2) More importantly, is it possible to prevent a customer from peeking
into
> > said database once it is deployed on their machine?

    ROT13 it, then threaten them with the DMCA.

  (Yes, that was a joke.)

steve



Re: Deployment of PostgreSQL Applications

From
Jason Earl
Date:
Not only is it impossible to keep systems
administrators from being able to "peek" into your
database, but those kind of controls tend to tick us
off.  After all, we get paid for watching out for
systems, developers that make our lives difficult do
not get our business.

What happens if we already have a PostgreSQL server
and want to use your software with it?  Or worse yet,
what happens when we install your software and it
installs another version of PostgreSQL on the machine
that conflicts with another version we already have
installed (they want to use the same port for
example)?

Normal systems administrators are not interested in
stealing your data model, but they probably will be
interested in reindexing tables manually, scripting a
backup, and other such tasks that require having
access to the table.  If you deny them access to the
database containing *their* data, then they will look
around for alternatives.  What's more, companies like
having access to the data model so that they can
integrate the software with other packages that they
might have.  Or does your software do *everything*.

Your competitors will be able to "borrow" your data
model no matter what you do.  There's no sense
aggravating your customers.

--- Mitch Vincent <mvincent@cablespeed.com> wrote:
> > 2) More importantly, is it possible to prevent a
> customer from peeking
> into
> > said database once it is deployed on their
> machine?  A large part of what
> > makes my application proprietary is the data model
> in the database, and
> it'd
> > be tough to maintain a competative edge when
> everyone can see exactly how
> I
> > do things in the database by logging into their
> postgres account, adding
> > some users and changing permissions on their
> machine.  I really need to
> make
> > sure the database is bulletproof before I can
> begin deployment.
>
>     If the people that have your application have
> physical access (or even
> remote superuser access) to the machine on which the
> database resides then
> there is little you could do to prevent a
> knowledgeable person from getting
> anything he/she wanted from the database,
> circumventing the PostgreSQL
> security measures by reading the information right
> off the disk... I don't
> know how hard or easy it would be to get meaningful
> information this way but
> it's always going to be possible when people have
> superuser/physical access
> to the machine.
>
> -Mitch
>
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 2: you can get off all lists at once with the
> unregister command
>     (send "unregister YourEmailAddressHere" to
majordomo@postgresql.org)


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Re: Deployment of PostgreSQL Applications

From
Mike Castle
Date:
On Fri, Aug 31, 2001 at 10:15:59AM -0400, Mitch Vincent wrote:
> > said database once it is deployed on their machine?  A large part of what
> > makes my application proprietary is the data model in the database, and
> > sure the database is bulletproof before I can begin deployment.
>
>     If the people that have your application have physical access (or even
> remote superuser access) to the machine on which the database resides then
> there is little you could do to prevent a knowledgeable person from getting
> anything he/she wanted from the database, circumventing the PostgreSQL

And as a note, this is not limited to PostgreSQL either.  The same
reasoning applies to Oracle, DB2, MS-SQL, and so on.

However, you may consider this:  some people view proprietary data models
like this as a negative thing, not a positive one.

Many times we've had to reverse engineer the data storage stuff because the
provided interface simply did not provide enough flexibility to accomplish
what was needed.  For those that had everything documented, those
enhancements went MUCH faster and much smoother.  For those that were
"hidden," life was hell.  And often those products were dropped.

mrc
--
     Mike Castle      dalgoda@ix.netcom.com      www.netcom.com/~dalgoda/
    We are all of us living in the shadow of Manhattan.  -- Watchmen
fatal ("You are in a maze of twisty compiler features, all different"); -- gcc

Re: Deployment of PostgreSQL Applications

From
Sean Chittenden
Date:
> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to make
> sure the database is bulletproof before I can begin deployment.
>
> I' very new to postgresql and unix system administration in general, never
> having secured a system or played with permissions much in the past.  Any
> advice would be greatly appreciated.

As I've seen other people say, you most certainly can't.  The only thing
that you could do would be to obscure the fact that it's postgres.
Change the port number to the same as and Oracle installation...  do a
search and replace for the workd 'postgres' and change it to 'myapp'.
Just becareful you don't shoot yourself in the food.  ;)  -sc

--
Sean Chittenden

Re: Deployment of PostgreSQL Applications

From
Jeff Davis
Date:
On Friday 31 August 2001 05:59 am, you wrote:
> Hi everyone,
>
> I'm working on a (sorry) closed source application which consists of Java
> servlets, beans, and client applications talking to a postgresql database.
> Now, lets say I'm interested in bundling this all together and selling it
> to customers.
>
> 2 questions:
>
> 1) Is it legal to bundle Postgresql with another commercial application,
> assuming the database will have to be significantly reconfigured and tuned?
> (at the application level, not the source code level)  I read over the
> licenses I could find on the site and they seemed to imply that the answer
> was yes, but I'd like to reaffirm that.

I think so. The copyright notice might need to be somewhere... but BSD
lisence is pretty forgiving.

>
> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and
> it'd be tough to maintain a competative edge when everyone can see exactly
> how I do things in the database by logging into their postgres account,
> adding some users and changing permissions on their machine.  I really need
> to make sure the database is bulletproof before I can begin deployment.
>

It is not difficult to find myriad essays and casual opinions attacking such
a business model, but that wasn't your question (hey, if you have something
new it could certainly be justified to keep it secret a while). It's just a
matter of time anyway (open source now or later?).

Every piece of software *could* be reverse engineered; it sounds to me like
you want to hold it off long enough to make a buck or two (return on
investment, hopefully). Some simple stuff can go a long way towards this
goal. Maybe add a very small layer to all disk reads in postgres that uses a
weak (but fast) encryption method before it gets processed (maybe XOR
everything with alternating values?). For a quick method try making a wrapper
for the system read/write calls and do a search/replace on the source. That
way, the data on disk is unreadable. The encryption would be breakable by any
experienced programmer, but I think you already know that can happen anyway.
It all depends on how much time you want to spend.

One comment brought up the point that you may want to include automatic
maintainence (vacuum, reindexing) so the customers don't get too frustrated
:). Oh, and do use a different port as well as completely nonconflicting
setup.

> I' very new to postgresql and unix system administration in general, never
> having secured a system or played with permissions much in the past.  Any
> advice would be greatly appreciated.
>

I am sure you'll like it more the more you learn. Hopefully some of your
development efforts will be to improve postgres or some other project later
on (and contibuting it, of course).

Regards,
    Jeff Davis

> Thanks,
> Mike
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster