Re: Hide source code

David,

> That some "larger organizations" choose to use the known-unsafe method
> of security by obscurity is not a reason for anybody here to expend
> any effort helping them persist in this illusion: quite the opposite,
> in fact.  "Larger organizations" are likely to have security needs
> which they actually need to address, not to pretend they've addressed
> while actually making things easy for attackers.

Hmmm, I agree with Merlin, I think.  It would be nice if users who didn't have 
permission to EXECUTE functions couldn't view their code, either. This would 
probably carry a performance penalty, though.

Users with EXECUTE permission not being able to see code just isn't practical; 
we support too many interpreted languages.  If this is a concern, use C 
functions and compile binaries.  That's secure.

-- 
Josh Berkus
Aglio Database Solutions
San Francisco