Re: crypting prosrc in pg_proc

Hans-Juergen Schoenig napsal(a):
> the idea is basically to hide codes - many companies want that and ask 
> for it again and again.
> 
> i would suggest keys to reside in $PGDATA. we do this for SSL and so 
> already.
> 
> initdb could create such keys so that they are unique to every database 
> instance.
> decrypting could be avoided as much as possible basically we should just 
> decrypt on first all and when it changes.

But, Companies want to hide code also because they distribute their software. If 
you store key somewhere on server, user will be able to decrypt the original 
code.  If I remember correctly Oracle wrap generates something like bytecode and 
each Oracle installation is able to understand them. But It is not possible 
decode it back to original form.


My suggestion is to extend PL API and each PL language should offer wrap or 
encrypt function which generate encrypted code and this code will be store in 
the pg_proc. PL language will be responsible to detect if it raw or crypted 
code. PG_Dump will dump crypted procedure and author is responsible keep his 
uncrypted version in source repository.

    Zdenek