Обсуждение: BUG #14103: stored function encryption
The following bug has been logged on the website: Bug reference: 14103 Logged by: Jagadeesha Email address: salianjag@gmail.com PostgreSQL version: 9.5.2 Operating system: Windows 7 Description: how to encrypt functions in Postgresql so that we can hide all my business logic ? is there any option like with encryption present in MS SQL ?
On 4/20/2016 3:59 AM, salianjag@gmail.com wrote: > how to encrypt functions in Postgresql so that we can hide all my business > logic ? write them in C or another compiled language, supply them as .SO (or .dll) files. > is there any option like with encryption present in MS SQL ? no. -- john r pierce, recycling bits in santa cruz
On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote: > On 4/20/2016 3:59 AM, salianjag@gmail.com wrote: > >how to encrypt functions in Postgresql so that we can hide all my business > >logic ? > > write them in C or another compiled language, supply them as .SO (or .dll) > files. FYI, you can often run 'strings' on the object file to see the SQL queries. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
On 4/29/2016 7:01 PM, Bruce Momjian wrote: >>> how to encrypt functions in Postgresql so that we can hide all my business >>> > >logic ? >> > >> >write them in C or another compiled language, supply them as .SO (or .dll) >> >files. > FYI, you can often run 'strings' on the object file to see the SQL > queries. hah, true, so I guess if you really want to hide it, you've got to hash all your string constants, or use an obtuse sql generator. -- john r pierce, recycling bits in santa cruz
On Fri, Apr 29, 2016 at 10:01:30PM -0400, Bruce Momjian wrote: > On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote: > > On 4/20/2016 3:59 AM, salianjag@gmail.com wrote: > > >how to encrypt functions in Postgresql so that we can hide all my business > > >logic ? > > > > write them in C or another compiled language, supply them as .SO (or .dll) > > files. > > FYI, you can often run 'strings' on the object file to see the SQL > queries. Seeing the SQL with 'strings' requires you have read access to the *.so library files. Also, this thread suggests that removing SELECT permission on pg_proc.prosrc allows you to prevent users from seeing the function, though it doesn't prevent a Postgres super-user from seeing it: http://www.postgresql.org/message-id/0100015338ce42f6-58727615-2385-4a80-9a73-c321c21c6928-000000@email.amazonses.com I am surprised you can still call the function if you do that. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +