David,
> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact. "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.
Hmmm, I agree with Merlin, I think. It would be nice if users who didn't have
permission to EXECUTE functions couldn't view their code, either. This would
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical;
we support too many interpreted languages. If this is a concern, use C
functions and compile binaries. That's secure.
--
Josh Berkus
Aglio Database Solutions
San Francisco