Re: viewing source code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 14 Dec 2007 11:18:49 -0500
Bill Moran <wmoran@collaborativefusion.com> wrote:

> > That is like saying anyone that has rights to call a web service
> > should be able to see the source code for it.
> 
> I think that's a good idea.  If vendors were forced publish their
> code, we'd have less boneheaded security breaches.

Not all closed source code is subject to boneheaded security breaches.
I believe that this individuals request is a valid one from a business
requirements perspective.

> 
> > There should be the ability to create
> > some level of abstraction when appropriate.
> 
> I agree.  If vendors want to have boneheaded security breaches, they
> should be allowed.

It is not up to your or me to make the determination of what people are
able to do with their code.

> 
> > However, in the current configuration, all users with permission to
> > log in can see all source code.  They don't have rights to execute
> > the functions but they can see the source code for them.  Shouldn't
> > I be able to revoke both the ability to execute and the ability to
> > see functions?

Yes and know. If your functions are interpreted then no, I don't see
any reason for this feature, e.g; python,perl,plpgsql,sql,ruby. I can
read them on disk anyway.

If you want to obfuscate your code I suggest you use a compilable form
or a code obfuscation module for your functions (which can be had for
at least python, I am sure others as well).

Sincerely,

Joshua D. Drake


- -- 
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ 
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD'


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHYrejATb/zqfZUUQRAjd7AJ9iCqsvsB/7FfvUeLkpCUZ4/14/+wCcCD+w
Z4kjQ44yOgfR4ph0SKkUuUI=
=v3Fz
-----END PGP SIGNATURE-----