Thread: Obfuscated definitions of database objects

Obfuscated definitions of database objects

From

"Charles N. Charotti"

Date:

24 August 2007, 14:59:17

Hi Everybody,

I want to know if there is any plan in future versions
of PG to obfuscate the source code of some objects of
the database, specially the functions of the backend ?

I mean the text definition of each function or perhaps
even triggers of the database.

Just in case, somebody knows of an already existing
third party product that actually does it, please let
me know.

Regards,

Charles

     ______________________________________________ 
Pregunta, Responde, Descubre. 
Comparte tus consejos y opiniones con los usuarios de Yahoo! Respuestas 
http://es.answers.yahoo.com/info/welcome

Re: Obfuscated definitions of database objects

From

Josh Berkus

Date:

24 August 2007, 16:13:23

Charles,

> I want to know if there is any plan in future versions
> of PG to obfuscate the source code of some objects of
> the database, specially the functions of the backend ?
>
> I mean the text definition of each function or perhaps
> even triggers of the database.

Not seriously, no.  Security by obscurity is not terribly effective, so adding 
a method to conceal function defintions has never been a high priority for 
the project, especially as it would introduce multiple complications in other 
code.  The only thing we've seriously discussed is the possiblity of not 
displaying function definitions to roles which don't have any permissions on 
the function.  But I don't know anyone who's actually writing code for that.

Thing is, if you have a highly knowledgable hostile user who has a valid psql 
login then you have problems well beyond them seeing your function 
definitions.

But if you really think this is the strategy for your application, I suggest 
that you write your functions in C and compile them, which will give you some 
degree of obfuscation.  Or give SEPostgres a try if you really want to lock 
down your DB application.

-- 
Josh Berkus
PostgreSQL @ Sun
San Francisco

Re: Obfuscated definitions of database objects

From

Andrew Sullivan

Date:

24 August 2007, 16:18:07

On Fri, Aug 24, 2007 at 04:59:13PM +0200, Charles N. Charotti wrote:

> I want to know if there is any plan in future versions
> of PG to obfuscate the source code of some objects of
> the database, specially the functions of the backend ?

There have been requests for this, but AFAIK nobody has committed to
doing it.  

A

-- 
Andrew Sullivan  | ajs@crankycanuck.ca
In the future this spectacle of the middle classes shocking the avant-
garde will probably become the textbook definition of Postmodernism.                --Brad Holland

Re: Obfuscated definitions of database objects

From

"Joshua D. Drake"

Date:

24 August 2007, 16:43:51

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Charles N. Charotti wrote:
> Hi Everybody,
> 
> I want to know if there is any plan in future versions
> of PG to obfuscate the source code of some objects of
> the database, specially the functions of the backend ?

Functions in the backend written with most of the standard pl langauges
are interpreted. Thus no, they are plain text.

If you need obfuscation (and you don't, you just think you do, no
offense) use C.

Sincerely,

Joshua D. Drake



- --
     === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997  http://www.commandprompt.com/        UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzwrGATb/zqfZUUQRAphWAKCcq/RqRBabxKaqmaFHWbmqARITKgCfQcFg
Rg9u49kQcbVHz2ghhD3ZOd0=
=b+yg
-----END PGP SIGNATURE-----

Re: Obfuscated definitions of database objects

From

Andrew Dunstan

Date:

24 August 2007, 17:09:03


Charles N. Charotti wrote:
> Hi Everybody,
>
> I want to know if there is any plan in future versions
> of PG to obfuscate the source code of some objects of
> the database, specially the functions of the backend ?
>
> I mean the text definition of each function or perhaps
> even triggers of the database.
>
> Just in case, somebody knows of an already existing
> third party product that actually does it, please let
> me know.
>   

See http://archives.postgresql.org/pgsql-hackers/2007-08/msg00258.php 
for Tom Lane's suggestion of how to do this. And no, I can't see it ever 
being supported in core PostgreSQL.

cheers

andrew

Re: Obfuscated definitions of database objects

From

Florian Weimer

Date:

29 October 2007, 13:26:55

* Joshua D. Drake:

> If you need obfuscation (and you don't, you just think you do, no
> offense) use C.

Or put the relevant code into some package/module/whatever, stored on
the file system, and include that.

--
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99