'Re: [GENERAL] Securing stored procedures and triggers'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    Re: [GENERAL] Securing stored procedures and triggers
From:       mgould <mgould () allcoast ! net>
Date:       2007-10-31 21:18:58
Message-ID: 20071031211858.06e606b2 () mail ! allcoast ! net
[Download RAW message or body]

Thanks all.  In the open source community there seems to be more talent to "hack" \
than in other environments.  Once I told ASA to set the "hidden" attribute, I've not \
had any problems with this, at least that I've heard of. I was hoping that I'd be \
able to keep others out of the database totally but I can't host these applications \
for all of my customers.

Best Regards,

Michael Gould
All Coast Intermodal Services, Inc.
904-376-7030
      _____  

  From: Reg Me Please [mailto:regmeplease@gmail.com]
To: pgsql-general@postgresql.org
Sent: Wed, 31 Oct 2007 14:26:51 -0400
Subject: Re: [GENERAL] Securing stored procedures and triggers

There's not bulletproof way, in my opinion.

If they copy the whole DB structure *and* the object binaries they'll
have the very same functionalities!

Il Wednesday 31 October 2007 16:13:23 Douglas McNaught ha scritto:
> mgould <mgould@allcoast.net> writes:
> > We are currently migrating from Sybase's ASA 9/10 to PostGres 8.2.4.
> > One of the features that is really nice in ASA is the ability to add
> > the attribute hidden to a Create procedure, Create function and
> > Create trigger. Essentially what this does is encrypt the code so
> > that if anyone or any utility gets into the database they cannot see
> > any of the actual code. This is a great feature for protecting
> > intellectual processing techniques. I don't know if there is anyway
> > to do this in PostGres. Before the hidden feature was added, we had
> > a competitor steal some of our stored procedure processing code. Is
> > there anyway to protect this from happening in PostGres?
> 
> The only bulletproof way to do this currently is to write all your
> stored functions in C and load them as a shared library.
> 
> -Doug
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly

-- 
Reg me Please

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
      
   
 


[Attachment #3 (text/html)]

<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html>
<head>
 <meta http-equiv='Content-Type' content='text/html;charset=us-ascii'>
 <style>BODY{font:10pt Tahoma, Verdana, sans-serif;}</style>
</head>
<body>
<DIV>Thanks all.&nbsp; In the open source community there seems to be more talent to \
"hack" than in other environments.&nbsp; Once I told ASA to set the "hidden" \
attribute, I've not had any problems with this, at least that I've heard of. I was \
hoping that I'd be able to keep others out of the database totally but I can't host \
these applications for all of my customers.</DIV><BR><BR>Best Regards,<BR><BR>Michael \
Gould<BR>All Coast Intermodal Services, Inc.<BR>904-376-7030<BR> <BLOCKQUOTE \
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; \
MARGIN-RIGHT: 0px"> <HR>
<B>From:</B> Reg Me Please [mailto:regmeplease@gmail.com]<BR><B>To:</B> \
pgsql-general@postgresql.org<BR><B>Sent:</B> Wed, 31 Oct 2007 14:26:51 \
-0400<BR><B>Subject:</B> Re: [GENERAL] Securing stored procedures and \
triggers<BR><BR>There's not bulletproof way, in my opinion.<BR><BR>If they copy the \
whole DB structure *and* the object binaries they'll<BR>have the very same \
functionalities!<BR><BR>Il Wednesday 31 October 2007 16:13:23 Douglas McNaught ha \
scritto:<BR>&gt; mgould &lt;<A \
href="mailto:mgould@allcoast.net">mgould@allcoast.net</A>&gt; writes:<BR>&gt; &gt; We \
are currently migrating from Sybase's ASA 9/10 to PostGres 8.2.4.<BR>&gt; &gt; One of \
the features that is really nice in ASA is the ability to add<BR>&gt; &gt; the \
attribute hidden to a Create procedure, Create function and<BR>&gt; &gt; Create \
trigger. Essentially what this does is encrypt the code so<BR>&gt; &gt; that if \
anyone or any utility gets into the database they cannot see<BR>&gt; &gt; any of the \
actual code. This is a great feature for protecting<BR>&gt; &gt; intellectual \
processing techniques. I don't know if there is anyway<BR>&gt; &gt; to do this in \
PostGres. Before the hidden feature was added, we had<BR>&gt; &gt; a competitor steal \
some of our stored procedure processing code. Is<BR>&gt; &gt; there anyway to protect \
this from happening in PostGres?<BR>&gt;<BR>&gt; The only bulletproof way to do this \
currently is to write all your<BR>&gt; stored functions in C and load them as a \
shared library.<BR>&gt;<BR>&gt; -Doug<BR>&gt;<BR>&gt; ---------------------------(end \
of broadcast)---------------------------<BR>&gt; TIP 1: if posting/reading through \
Usenet, please send an appropriate<BR>&gt; subscribe-nomail command to <A \
href="mailto:majordomo@postgresql.org">majordomo@postgresql.org</A> so that \
your<BR>&gt; message can get through to the mailing list cleanly<BR><BR>-- <BR>Reg me \
Please<BR><BR>---------------------------(end of \
broadcast)---------------------------<BR>TIP 2: Don't 'kill -9' the \
postmaster<BR></BLOCKQUOTE> <STYLE>
</STYLE>

<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV></body></html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic