| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | salianjag(at)gmail(dot)com, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #14103: stored function encryption |
| Date: | 2016-04-30 23:01:00 |
| Message-ID: | 20160430230100.GA8849@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Fri, Apr 29, 2016 at 10:01:30PM -0400, Bruce Momjian wrote:
> On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote:
> > On 4/20/2016 3:59 AM, salianjag(at)gmail(dot)com wrote:
> > >how to encrypt functions in Postgresql so that we can hide all my business
> > >logic ?
> >
> > write them in C or another compiled language, supply them as .SO (or .dll)
> > files.
>
> FYI, you can often run 'strings' on the object file to see the SQL
> queries.
Seeing the SQL with 'strings' requires you have read access to the *.so
library files.
Also, this thread suggests that removing SELECT permission on
pg_proc.prosrc allows you to prevent users from seeing the function,
though it doesn't prevent a Postgres super-user from seeing it:
I am surprised you can still call the function if you do that.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Berg | 2016-05-01 19:12:21 | Re: BUG #14117: psql and pg_dump commands should use ENV perl |
| Previous Message | John R Pierce | 2016-04-30 06:27:55 | Re: BUG #14103: stored function encryption |