From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Merlin Moncure" <mmoncure(at)gmail(dot)com> |
Cc: | "Alvaro Herrera" <alvherre(at)commandprompt(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, "Trevor Talbot" <quension(at)gmail(dot)com>, "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com>, "Kris Jurka" <books(at)ejurka(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, "Bill Moran" <wmoran(at)collaborativefusion(dot)com>, pgsql-performance(at)postgresql(dot)org |
Subject: | Re: viewing source code |
Date: | 2007-12-20 23:01:58 |
Message-ID: | 20377.1198191718@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-performance |
"Merlin Moncure" <mmoncure(at)gmail(dot)com> writes:
> I don't really agree that wrapping pl/pgsql with encryptor/decryptor
> is a bad idea.
It's quite a good idea, because it has more than zero chance of
succeeding politically in the community.
The fundamental reason why preventing access to pg_proc.prosrc won't
happen is this: all the pain (and there will be plenty) will be
inflicted on people who get none of the benefit (because they don't give
a damn about hiding their own functions' code). The folks who want
function hiding can shout all they want, but as long as there is a very
sizable fraction of the community who flat out *don't* want it, it's
not going to get applied.
Encrypted function bodies avoid this problem because they inflict no
performance penalty, operational complexity, or client-code breakage
on people who don't use the feature. They are arguably also a better
solution because they can guard against more sorts of threats than
a column-hiding solution can.
I don't deny that the key-management problem is interesting, but it
seems soluble; moreover, the difficulties that people have pointed to
are nothing but an attempt to move the goalposts, because they
correspond to requirements that a column-hiding solution would never
meet at all.
So if you want something other than endless arguments to happen,
come up with a nice key-management design for encrypted function
bodies.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Harald Armin Massa | 2007-12-20 23:23:46 | Re: viewing source code |
Previous Message | Merlin Moncure | 2007-12-20 22:54:37 | Re: viewing source code |