Re: WIP: plpgsql source code obfuscation

On 28/01/2008, Dave Page <dpage(at)postgresql(dot)org> wrote:
> On Jan 28, 2008 12:51 PM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
> > Hello
> >
> > this patch define new function flag - OBFUSCATE. With this flag
> > encrypted source code is stored to probin column. Password is stored
> > in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server
> > does (where privileged users can access system tables with source code
> > or can use debugger).
> >
> > ToDo: Dump
>
> Without making any comment of whether or not we should actually do
> this, a flag in pg_proc to indicate that the function is obfuscated
> would be handy for apps like pgAdmin, rather than assuming a - in
> prosrc has that meaning (which may be valid for some interpreters).

sure, but do you know, Tom dislikes new columns in pg_proc :). This
patch is usable sample of one possible solution and doesn't need
initdb. And there is dependency on pgcrypto :(. But it is simply and
it does all what is expected. Some customers wonted it. But I am not
sure if similar patch can be accepted - this is prototype. And when
I'll have some signals so patch can be commited I'll send final
version with obfuscate col in pg_proc. Any patch of pg_proc needs two
hours of work, and any change needs actualization - so lot of maybe
useless work.

Pavel

>
> /D
>