From: | Casey Allen Shobe <cshobe(at)bepress(dot)com> |
---|---|
To: | David Fetter <david(at)fetter(dot)org> |
Cc: | Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>, Merlin Moncure <mmoncure(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, Greg Smith <gsmith(at)gregsmith(dot)com>, Jonathan Bond-Caron <jbondc(at)openmv(dot)com>, Postgres General List <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Obfuscated stored procedures (was Re: Oracle and Postgresql) |
Date: | 2008-09-25 20:38:14 |
Message-ID: | 07216387-ADE1-4A57-B225-518CBAEED29D@bepress.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-www |
On Sep 24, 2008, at 8:05 AM, David Fetter wrote:
> C is not magic obfuscation gear. Anybody with a debugger can expose
> what it's doing.
Yes, but you don't get original code, comments, etc. and it takes a
lot of effort to refine it back down into something maintainable.
People looking to protect IP are often not looking to prevent the same
functionality from being executed elsewhere, but to prevent somebody
from taking the results of their hard work with minimal effort (think
of Microsoft and the FreeBSD TCP/IP stack). If it costs the
competition a lot of time to decompile code and then rebuild
maintainable code out of it that probably doesn't take all the same
things into consideration and will lead to difficulties keeping up
with new features, that's adequate protection.
Of course, there are idiots out there who think that not making pl/
pgsql code visible should protect even against root-level access and
that compilation equals irreversible encryption, but not everyone
using these techniques is one of those idiots, and a few do have
pretty good reasons. Consider for example chipmakers, who compete
against each other selling to a very small number of clients. A board
maker will buy whatever does the job well at lowest cost, and the cost
associated with creating these is purely development time. If you put
months into making a really fast/efficient chip to do a specific task,
protecting this is very important, or you go out of business. This is
much the opposite of a business that provides a service.
Cheers,
--
Casey Allen Shobe
Database Architect, The Berkeley Electronic Press
From | Date | Subject | |
---|---|---|---|
Next Message | Casey Allen Shobe | 2008-09-25 20:45:06 | Re: Obfuscated stored procedures (was Re: Oracle and Postgresql) |
Previous Message | Jeff Davis | 2008-09-25 20:28:59 | Re: on duplicate key |
From | Date | Subject | |
---|---|---|---|
Next Message | Casey Allen Shobe | 2008-09-25 20:45:06 | Re: Obfuscated stored procedures (was Re: Oracle and Postgresql) |
Previous Message | Casey Allen Shobe | 2008-09-25 20:25:25 | Re: Obfuscated stored procedures (was Re: Oracle and Postgresql) |