Re: crypting prosrc in pg_proc

On 8/9/07, Zdenek Kotala <Zdenek.Kotala@sun.com> wrote:
> If I remember correctly Oracle wrap generates something like bytecode and
> each Oracle installation is able to understand them. But It is not possible
> decode it back to original form.

Regardless of what Oracle tells you, it has always been reversible.
The thing is, there's only a few people who know how to do it.  In my
Oracle circles, at last count there were 7 people in the world who
knew how to unwrap 9i and earlier.  I know of at least 2 more who know
10g.

Oracle is closed-source, and people can still figure it out.  It is
*impossible* to implement a completely secure way to do something
similar with an open-source database.

As Korry said, at some point it's going to be in clear-text... anyone
can break into the hardware, startup a debugger (and/or insert a
hacked version of the PL), and print it out.

The only other way is to actually store the interpreted form of
PL/pgSQL, which would be a large job, and still wouldn't really
protect you.  All someone would have to do is build a simple code
generator and run the interpreted form through it.

Obfuscation doesn't really work, it just makes big wigs in companies
*think* it's not easily reversible.

There is no real security.  With enough time and experience, anything
can be broken.

-- 
Jonah H. Harris, Software Architect | phone: 732.331.1324
EnterpriseDB Corporation            | fax: 732.331.1301
33 Wood Ave S, 3rd Floor            | jharris@enterprisedb.com
Iselin, New Jersey 08830            | http://www.enterprisedb.com/