SEO

#1 (**permalink**) 04-19-2008, 06:27 AM

Added to TODO:

o Add ability to obfuscate function bodies

http://archives.postgresql.org/pgsql...1/msg00125.php

---------------------------------------------------------------------------

Pavel Stehule wrote:
> Hello
>
> this patch define new function flag - OBFUSCATE. With this flag
> encrypted source code is stored to probin column. Password is stored
> in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server
> does (where privileged users can access system tables with source code
> or can use debugger).
>
> ToDo: Dump
>
> Sample:
>
> postgres=# show obfuscator_password;
> obfuscator_password
> -----------------------
> moje supertajne heslo
> (1 row)
>
> postgres=# \x
> Expanded display is on.
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql;
> CREATE FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+-----------------------
> Schema | public
> Name | fx
> Result data type | integer
> Argument data types |
> Volatility | volatile
> Owner | bob
> Language | plpgsql
> Source code | begin return -1; end;
> Description |
>
> postgres=# ALTER FUNCTION fx() obfuscate;
> NOTICE: begin return -1; end;
> ALTER FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema | public
> Name | fx
> Result data type | integer
> Argument data types |
> Volatility | volatile
> Owner | bob
> Language | plpgsql
> Source code | -
> Description |
>
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql obfuscate;
> CREATE FUNCTION
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema | public
> Name | fx
> Result data type | integer
> Argument data types |
> Volatility | volatile
> Owner | bob
> Language | plpgsql
> Source code | -
> Description |
>
> postgres=# select * from pg_proc where proname = 'fx';
> -[ RECORD 1 ]--+----------------------------------------------------------------------------
> proname | fx
> pronamespace | 2200
> proowner | 16385
> prolang | 16421
> procost | 100
> prorows | 0
> proisagg | f
> prosecdef | f
> proisstrict | f
> proretset | f
> provolatile | v
> pronargs | 0
> prorettype | 23
> proargtypes |
> proallargtypes |
> proargmodes |
> proargnames |
> prosrc | -
> probin |
> \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig |
> proacl |
>
>
> [pavel@okbob-bb ~]$ psql -U bob postgres
> Welcome to psql 8.3RC2, the PostgreSQL interactive terminal.
>
> Type: \copyright for distribution terms
> \h for help with SQL commands
> \? for help with psql commands
> \g or terminate with semicolon to execute query
> \q to quit
>
> postgres=> \x
> Expanded display is on.
> postgres=> show obfuscator_password;
> ERROR: must be superuser to examine "obfuscator_password"
> postgres=> select fx();
> -[ RECORD 1 ]
> fx | -1
>
> postgres=> \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema | public
> Name | fx
> Result data type | integer
> Argument data types |
> Volatility | volatile
> Owner | bob
> Language | plpgsql
> Source code | -
> Description |
>
> postgres=> select * from pg_proc where proname = 'fx';
> -[ RECORD 1 ]--+----------------------------------------------------------------------------
> proname | fx
> pronamespace | 2200
> proowner | 16385
> prolang | 16421
> procost | 100
> prorows | 0
> proisagg | f
> prosecdef | f
> proisstrict | f
> proretset | f
> provolatile | v
> pronargs | 0
> prorettype | 23
> proargtypes |
> proallargtypes |
> proargmodes |
> proargnames |
> prosrc | -
> probin |
> \231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig |
> proacl |

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches

#2 (**permalink**) 04-19-2008, 06:27 AM

On Sun, 6 Apr 2008 22:14:01 -0400 (EDT)
Bruce Momjian <bruce@momjian.us> wrote:

>
> Added to TODO:
>
> o Add ability to obfuscate function bodies
>
> http://archives.postgresql.org/pgsql...1/msg00125.php

For the record. I think this todo is bogus. We are an Open Source
database, let others worry about obfuscation. It isn't like it can't be
done within the facilities that already exist.

Joshua D. Drake

--
The PostgreSQL Company since 1997: http://www.commandprompt.com/
PostgreSQL Community Conference: http://www.postgresqlconference.org/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH+aoaATb/zqfZUUQRAnbHAKCmuUdMNQlCgEqt1CFX6lexyNBsvgCgoga/
OjHF5a+fd5+vEREUg7Oi/G0=
=JSNV
-----END PGP SIGNATURE-----

#3 (**permalink**) 04-19-2008, 06:27 AM

"Joshua D. Drake" <jd@commandprompt.com> writes:
> Bruce Momjian <bruce@momjian.us> wrote:
>> Added to TODO:
>> o Add ability to obfuscate function bodies

> For the record. I think this todo is bogus.

For the record, I think so too ;-). The agreed-on TODO wording makes no
mention of what an acceptable implementation would look like, and that's
because there very possibly *is* no generally-acceptable implementation.
(Though if someone has a bright new idea, I'm sure we'd all listen.)
The point of the TODO entry is just to acknowledge that this is an issue
for some folk, and that a real solution would be welcomed.

regards, tom lane

--
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches

#4 (**permalink**) 04-19-2008, 06:27 AM

Hi,

On Sun, 2008-04-06 at 21:59 -0700, Joshua D. Drake wrote:
>
> For the record. I think this todo is bogus. We are an Open Source
> database, let others worry about obfuscation. It isn't like it can't
> be done within the facilities that already exist.

+1. IMHO, this patch should live as a pgfoundry module, not as a core
feature.

Regards,
--
Devrim GÜNDÜZ , RHCE
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: plPHP, ODBCng - http://www.commandprompt.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBH+bvGpme12CBXnxERAh8BAJ9dRkvemYp3YvupL5JOny +w3zvjxQCeMr/W
vGWSPhHk01IX0SZdRSH2ru8=
=GqCW
-----END PGP SIGNATURE-----

#5 (**permalink**) 04-19-2008, 06:27 AM

Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
> > Bruce Momjian <bruce@momjian.us> wrote:
> >> Added to TODO:
> >> o Add ability to obfuscate function bodies
>
> > For the record. I think this todo is bogus.
>
> For the record, I think so too ;-). The agreed-on TODO wording makes no
> mention of what an acceptable implementation would look like, and that's
> because there very possibly *is* no generally-acceptable implementation.
> (Though if someone has a bright new idea, I'm sure we'd all listen.)
> The point of the TODO entry is just to acknowledge that this is an issue
> for some folk, and that a real solution would be welcomed.

We could list it as a feature we don't want, but I don't think that is
accurate.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

SEO

Re: WIP: plpgsql source code obfuscation