On Fri, 31 Aug 2001, Mike Arace wrote:
> 1) Is it legal to bundle Postgresql with another commercial application,
> assuming the database will have to be significantly reconfigured and tuned?
> (at the application level, not the source code level) I read over the
> licenses I could find on the site and they seemed to imply that the answer
> was yes, but I'd like to reaffirm that.
Yes.
> 2) More importantly, is it possible to prevent a customer from peeking into
> said database once it is deployed on their machine? A large part of what
> makes my application proprietary is the data model in the database, and it'd
> be tough to maintain a competative edge when everyone can see exactly how I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine. I really need to make
> sure the database is bulletproof before I can begin deployment.
In general, answer is no. You could try to fake it by not giving customer
password for the database, but they could always poke around your app's
files, or boot postgres single-user. If you change postgres code that it
wouldn't boot singleuser, they can download postgres and recompile it,
removing that restriction.
Its 'security-through-obscurity'. You can prevent them from doing certain
things, but the fact of the matter is, they have the physical access to
the machine, and thus can read raw data on disk to find out what you are
doing.
-alex