Thread: ncoding "Table Name" and "Filed Name"

ncoding "Table Name" and "Filed Name"

From
Vikram A
Date:
Hello there,
I request you to give your commends on the following, 
1. We have planned to cipher our table name  and filed name [the necessary data will be ciphered with predefined functions with 'key']
2. This cipher functions will be our own code
3. Using these functions we can mange the applications

We are expecting following advantages through this, 
Unauthorized use either by the 
1. DB administrator
2. ex-developer Or
3. Any body  

My question is, DO i face any negative project management problems by doing this? Pleas share your experience on this aspect and commend our idea.
Thank you
Vikram A

Re: ncoding "Table Name" and "Filed Name"

From
"David Johnston"
Date:

 

We are expecting following advantages through this, 

Unauthorized use either by the 

1. DB administrator

2. ex-developer Or

3. Any body  

 

This why PostgreSQL has the concept of “ROLE”s…

 

The data, not the schema, is what needs to be secured…you are not preventing unauthorized use only making both it and authorized use more difficult.  It isn’t that hard to get the database to tell you all the table and field names then it is just a matter of issuing a “SELECT * FROM ….” to see/retrieve the data.

 

A rose is a rose by any other name…

 

For the people you do trust you are making them jump through lots of hoops in order to work with the schema.

 

David J.

Re: ncoding "Table Name" and "Filed Name"

From
Vikram A
Date:
Hi Mr. David,

Thanks for the comment. I understood, its more difficult to mange the schema; when schema itself written in jig jack. 
Vikram


From: David Johnston <polobo@yahoo.com>
To: 'Vikram A' <vikkiatbipl@yahoo.in>
Cc: pgsql-general@postgresql.org
Sent: Friday, 17 June 2011 7:00 PM
Subject: RE: [GENERAL] ncoding "Table Name" and "Filed Name"

 
We are expecting following advantages through this, 
Unauthorized use either by the 
1. DB administrator
2. ex-developer Or
3. Any body  
 
This why PostgreSQL has the concept of “ROLE”s…
 
The data, not the schema, is what needs to be secured…you are not preventing unauthorized use only making both it and authorized use more difficult.  It isn’t that hard to get the database to tell you all the table and field names then it is just a matter of issuing a “SELECT * FROM ….” to see/retrieve the data.
 
A rose is a rose by any other name…
 
For the people you do trust you are making them jump through lots of hoops in order to work with the schema.
 
David J.