Re: revoked permissions on table still allows users to see table's structure

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>, "Juan Cuervo (Quality Telecom)" <juanrcuervo(at)quality-telecom(dot)net>
Cc: <pgsql-admin(at)postgresql(dot)org>
Subject: Re: revoked permissions on table still allows users to see table's structure
Date: 2011-07-22 18:00:07
Message-ID: 4E297457020000250003F708@gw.wicourts.gov
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

"Juan Cuervo (Quality Telecom)" <juanrcuervo(at)quality-telecom(dot)net>
wrote:

> Imagine you own a software development company,

Not too hard for me. Been there, done that.

> and decides to base the company's product on Postgresql databases.
> Such a company surely dont want to expose his database design to
> its customers, but in some time might want to provide 'select'
> access to some users, so they can pull data to external datamining
> or data analisys tools, for example. If this is not possible in
> postgresql right now, then all users with connect privilege will
> be able to see not only the table's structure, but also the stored
> procedures code, wich in many cases, stores a business logic or
> know-how.

Imagine that the software is running on a machine under the client's
control, where they have root access to the OS. They can then
disassemble or debug through code to see how the encrypted procedure
code is turned into something the database can compile, they can
connect to the database as the superuser to view all details. The
only protection provided by what you suggest is from those too inept
to really pose a competitive threat. If you think some other
product gives you protection beyond this, it is an illusion.

The only way to protect your schema and logic from view is to offer
"software as a service". While someone might still infer a lot
about the structure of the data and the logic of the code from
observing its displays and the procedures available to the user, you
would have some insulation.

-Kevin

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Igor Neyman 2011-07-22 18:09:07 Re: revoked permissions on table still allows users to see table's structure
Previous Message Juan Cuervo (Quality Telecom) 2011-07-22 17:43:18 Re: revoked permissions on table still allows users to see table's structure