Unix Technical Forum

Re: Hide source code

#1  Merlin Moncure, 04-11-2008, 04:49 AM

> On Sun, Jul 10, 2005 at 04:26:26AM -0300, Márcio A. Sepp wrote:
> > Hi,
> >
> > I'm looking for a way to hide the source code of my system
> > (functions).
> >
> > In Oracle, I can wrap it. Is there something that I can use to hide
> > and/or wrap my source code?
>
> If you have code that you don't want people to take, use the copyright
> and license system, which works, not the obfuscation system, which is
> amazingly fragile. And besides, what's so embarrassing about this
> code that you don't want people to see it?

This was discussed extensively in the archives about a month ago.
Actually it is possible to 'hide' the source code so that a database
user can't view it (or anything else) in psql by manipulating system
schema permissions.

Regardless of your philosophical standpoint, many larger organizations
will feel uncomfortable with having unprivileged users having access to
all the database procedure source code.

Merlin

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly

#2  David Fetter, 04-11-2008, 04:49 AM

On Mon, Jul 11, 2005 at 07:59:44AM -0400, Merlin Moncure wrote:
> > On Sun, Jul 10, 2005 at 04:26:26AM -0300, Márcio A. Sepp wrote:
> > > Hi,
> > >
> > > I'm looking for a way to hide the source code of my system
> > > (functions).
> > >
> > > In Oracle, I can wrap it. Is there something that I can use to
> > > hide and/or wrap my source code?
> >
> > If you have code that you don't want people to take, use the
> > copyright and license system, which works, not the obfuscation
> > system, which is amazingly fragile. And besides, what's so
> > embarrassing about this code that you don't want people to see it?
>
> This was discussed extensively in the archives about a month ago.
> Actually it is possible to 'hide' the source code so that a database
> user can't view it (or anything else) in psql by manipulating system
> schema permissions.


Interesting. Again, this is pretty fragile with respect to, for
example, pg_dump(all).

> Regardless of your philosophical standpoint, many larger
> organizations will feel uncomfortable with having unprivileged users
> having access to all the database procedure source code.


That some "larger organizations" choose to use the known-unsafe method
of security by obscurity is not a reason for anybody here to expend
any effort helping them persist in this illusion: quite the opposite,
in fact. "Larger organizations" are likely to have security needs
which they actually need to address, not to pretend they've addressed
while actually making things easy for attackers.

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778

Remember to vote!

#3  Josh Berkus, 04-11-2008, 04:49 AM

David,

> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact. "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.


Hmmm, I agree with Merlin, I think. It would be nice if users who didn't have
permission to EXECUTE functions couldn't view their code, either. This would
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical;
we support too many interpreted languages. If this is a concern, use C
functions and compile binaries. That's secure.

--
Josh Berkus
Aglio Database Solutions
San Francisco
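
The catalog behaviour discussed in the posts above, as an added example that is not part of the original thread: a role without EXECUTE can still read a function body from pg_proc, and revoking SELECT on pg_proc ("manipulating system schema permissions") closes only the direct catalog read. The role `app_reader` and function `secret_calc` are constructed names; the script assumes stock catalog permissions and a superuser session in a scratch database.

```sql
-- Added example; app_reader and secret_calc are constructed names.
-- Run as a superuser in a scratch database; the final ROLLBACK undoes everything.
BEGIN;

CREATE ROLE app_reader NOLOGIN;
CREATE FUNCTION secret_calc(x int) RETURNS int
    LANGUAGE sql AS $$ SELECT x * 42 $$;
REVOKE EXECUTE ON FUNCTION secret_calc(int) FROM PUBLIC;

-- 1. Default catalog permissions: app_reader may not call the function,
--    yet pg_proc is readable by PUBLIC, so the body stored in prosrc is visible.
SET LOCAL ROLE app_reader;
SELECT has_function_privilege('secret_calc(int)', 'EXECUTE') AS can_execute;
SELECT prosrc FROM pg_catalog.pg_proc WHERE proname = 'secret_calc';
RESET ROLE;

-- 2. The "system schema permissions" approach: take SELECT on pg_proc
--    away from PUBLIC.
REVOKE SELECT ON pg_catalog.pg_proc FROM PUBLIC;

SET LOCAL ROLE app_reader;
SAVEPOINT before_denied_read;
-- The direct catalog read is now refused with a permission error ...
SELECT prosrc FROM pg_catalog.pg_proc WHERE proname = 'secret_calc';
ROLLBACK TO SAVEPOINT before_denied_read;
-- ... but this built-in reads the catalog internally and does not consult
-- the caller's table privileges, so the source is still returned unless
-- EXECUTE on the built-in is revoked as well.
SELECT pg_get_functiondef('secret_calc(int)'::regprocedure);
RESET ROLE;

-- 3. Audit: which non-superuser roles can still read pg_proc directly?
SELECT rolname
FROM pg_catalog.pg_roles
WHERE NOT rolsuper
  AND has_table_privilege(rolname, 'pg_catalog.pg_proc', 'SELECT');

ROLLBACK;
```

psql's `\df` and pg_dump query pg_proc as the connecting role, so the REVOKE in step 2 also affects them for non-superusers.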

#4  David Fetter, 04-11-2008, 04:49 AM

On Mon, Jul 11, 2005 at 09:27:19AM -0700, Josh Berkus wrote:
> David,
>
> > That some "larger organizations" choose to use the known-unsafe
> > method of security by obscurity is not a reason for anybody here
> > to expend any effort helping them persist in this illusion: quite
> > the opposite, in fact. "Larger organizations" are likely to have
> > security needs which they actually need to address, not to pretend
> > they've addressed while actually making things easy for attackers.

>
> Hmmm, I agree with Merlin, I think. It would be nice if users who
> didn't have permission to EXECUTE functions couldn't view their
> code, either.


Why?

> This would probably carry a performance penalty, though.


> Users with EXECUTE permission not being able to see code just isn't
> practical; we support too many interpreted languages. If this is a
> concern, use C functions and compile binaries. That's secure.


With all due respect, it's not even *close* to secure. There are
plenty of tools out there that allow a person to de-compile a shared
library. A lot of people have learned the hard way over the decades
that any security measure that depends on the attacker's not knowing
the implementation details is fragile, often disastrously so, e.g. the
Enigma machine & friends.

There is no good reason for us to help perpetuate the myth of security
by obscurity, and plenty of good reasons for us *not* to do so.

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778

Remember to vote!
