Re: BUG #14103: stored function encryption

On Fri, Apr 29, 2016 at 10:01:30PM -0400, Bruce Momjian wrote:
> On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote:
> > On 4/20/2016 3:59 AM, salianjag@gmail.com wrote:
> > >how to encrypt functions in Postgresql so that we can hide all my business
> > >logic ?
> >
> > write them in C or another compiled language, supply them as .SO (or .dll)
> > files.
>
> FYI, you can often run 'strings' on the object file to see the SQL
> queries.

Seeing the SQL with 'strings' requires you have read access to the *.so
library files.

Also, this thread suggests that removing SELECT permission on
pg_proc.prosrc allows you to prevent users from seeing the function,
though it doesn't prevent a Postgres super-user from seeing it:


http://www.postgresql.org/message-id/0100015338ce42f6-58727615-2385-4a80-9a73-c321c21c6928-000000@email.amazonses.com

I am surprised you can still call the function if you do that.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +