Re: Securing stored procedures and triggers

Поиск
Список
Период
Сортировка
От Sam Mason
Тема Re: Securing stored procedures and triggers
Дата
Msg-id 20071101012318.GC1955@frubble.xen.chris-lamb.co.uk
обсуждение исходный текст
Ответ на Re: Securing stored procedures and triggers  (mgould <mgould@allcoast.net>)
Список pgsql-general
On Wed, Oct 31, 2007 at 05:18:58PM -0400, mgould wrote:
> Thanks all.  In the open source community there seems to be more
> talent to "hack" than in other environments.

I think we're just much more honest about what the technology is
really capable of.  None of us is likely to actually bother breaking
into anything, it's just that once you understand the fundamental
building blocks of computers it's reasonably easy to determine specific
properties.  People involved in FOSS projects generally have a much
better understanding of this that in other environments.

> Once I told ASA to set
> the "hidden" attribute, I've not had any problems with this, at least
> that I've heard of.

Which, almost by definition in security, you're not going to hear about.

> I was hoping that I'd be able to keep others out
> of the database totally but I can't host these applications for all of
> my customers.

In absolute terms you can't protect code.  The whole point of computers
and information is that it's very difficult to lock down.  Witness the
trouble that the big media companies are having with trying to "protect"
the contents of their DVD/CD's.


  Sam

В списке pgsql-general по дате отправления:

Предыдущее
От: "Catalin Marinas"
Дата:
Сообщение: Re: Fragments in tsearch2 headline
Следующее
От: Tom Lane
Дата:
Сообщение: Re: current_user changes immediately after login