Re: crypting prosrc in pg_proc

On 8/10/07, Decibel! <decibel@decibel.org> wrote:
> As I said before, I don't care what security you come up with, *it can
> be broken*. The point of security measures isn't to make it impossible
> to break the security, it's to make it more difficult than it's worth.

I agree... but this type of security is really only
security-through-obscurity.  If the source code is out there (because
it's open source), it's not difficult at all.  The code to
encrypt/obfuscate it and decrypt/execute it will all be out there.
Anyone with a couple years of programming experience could strip it
out and create a utility for it in a couple hours.  My bet is that it
wouldn't even be a monetary-driven exercise... just some geek doing it
to see if he/she could.

As there's basically no security provided, I just don't see any reason
to spend the effort adding something like this to PostgreSQL.

-- 
Jonah H. Harris, Software Architect | phone: 732.331.1324
EnterpriseDB Corporation            | fax: 732.331.1301
33 Wood Ave S, 3rd Floor            | jharris@enterprisedb.com
Iselin, New Jersey 08830            | http://www.enterprisedb.com/