From: | "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> |
---|---|
To: | 'Trevor Talbot' <quension(at)gmail(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | Kris Jurka <books(at)ejurka(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, pgsql-performance(at)postgresql(dot)org |
Subject: | Re: viewing source code |
Date: | 2007-12-19 15:52:31 |
Message-ID: | 1A6E6D554222284AB25ABE3229A92762112A33@nrtexcus702.int.asurion.com |
Lists: | pgsql-performance |

> -----Original Message-----
> From: Trevor Talbot [mailto:quension(at)gmail(dot)com]
> Sent: Wednesday, December 19, 2007 9:45 AM
> To: Joshua D. Drake
> Cc: Roberts, Jon; Kris Jurka; Merlin Moncure; Jonah H. Harris; Bill Moran;
> pgsql-performance(at)postgresql(dot)org
> Subject: Re: [PERFORM] viewing source code
>
> On 12/18/07, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
> > On Tue, 18 Dec 2007 10:05:46 -0600
> > "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> wrote:
>
> > > If we are talking about enhancement requests, I would propose we
> > > create a role that can be granted/revoked that enables a user to see
> > > dictionary objects like source code. Secondly, users should be able
> > > to see their own code they write but not others unless they have been
> > > granted this dictionary role.
>
> > You are likely not going to get any support on an obfuscation front.
> > This is an Open Source project :P
>
> Wait, what? This is a DBMS, with some existing security controls
> regarding the data users are able to access, and the proposal is about
> increasing the granularity of that control. Arbitrary function bodies
> are just as much data as anything else in the system.
>
> Obfuscation would be something like encrypting the function bodies so
> that even the owner or administrator cannot view or modify the code
> without significant reverse engineering. I mean, some people do want
> that sort of thing, but this proposal isn't even close.

Trevor, thank you for making the proposal clearer.

The more I thought about a counter proposal to put views on pg_proc, I
realized that isn't feasible either. It would break functionality of
pgAdmin because users couldn't view their source code with the tool.

>
> Where on earth did "obfuscation" come from?

Don't know. :)

This really is a needed feature to make PostgreSQL more attractive to
businesses. A more robust security model that better follows commercial
products is needed for adoption.

Jon