On Mon, Jul 11, 2005 at 07:59:44AM -0400, Merlin Moncure wrote:
> > On Sun, Jul 10, 2005 at 04:26:26AM -0300, M?rcio A. Sepp wrote:
> > > Hi,
> > >
> > > I'm looking for a way to hide the souce code of my system
> > > (functions).
> > >
> > > In Oracle, I can wrap it. Is there something that I can use to
> > > hide and/or wrap my source code?
> >
> > If you have code that you don't want people to take, use the
> > copyright and license system, which works, not the obfuscation
> > system, which is amazingly fragile. And besides, what's so
> > embarrassing about this code that you don't want people to see it?
>
> This was discusses extensively in the archives about a month ago.
> Actually it is possible to 'hide' the source code so that a database
> user can't view it (or anything else) in psql by manipulating system
> schema permissions.
Interesting. Again, this is pretty fragile with respect to, for
example, pg_dump(all).
> Regardless of your philosophical standpoint, many larger
> organizations will feel uncomfortable with having unprivileged users
> having access to all the database procedure source code.
That some "larger organizations" choose to use the known-unsafe method
of security by obscurity is not a reason for anybody here to expend
any effort helping them persist in this illusion: quite the opposite,
in fact. "Larger organizations" are likely to have security needs
which they actually need to address, not to pretend they've addressed
while actually making things easy for attackers.
Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778
Remember to vote!