| From: | Pasi Oja-Nisula <pon(at)iki(dot)fi> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Stored procedure code no longer stored in v14 and v15, changed behaviour |
| Date: | 2022-12-02 14:15:21 |
| Message-ID: | CAJvus-O6qvF_3jNHZdfX5f-5s3FLSHhUHVyPYtgCzftYH+CYXg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, 2 Dec 2022 at 15:47, raf <raf(at)raf(dot)org> wrote:
> If you're concerned about tampering by
> customers/users/developers, you can either set
> permissions to prevent it in some cases, and when you
> can't prevent it, make it tamper-evident by logging
> actions to somewhere remote and monitoring for what
> concerns you. That should satisfy auditors.
True. But isn't this extra work compared to previous situation?
If you can compare procedure text directly and say to your developers
"you scoundrel did a change outside version control, no dessert for you".
I would be perfectly satisfied, if the sql that produced the procedure
would be stored "as is" read-only copy when it was compiled. If an object
rename makes it invalid, tweak a bit telling so, but don't change the text
until next alter procedure is run.
Pasi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter J. Holzer | 2022-12-02 15:05:11 | Re: Stored procedure code no longer stored in v14 and v15, changed behaviour |
| Previous Message | Jeremy Smith | 2022-12-02 14:10:58 | Re: Stored procedure code no longer stored in v14 and v15, changed behaviour |