List: postgresql-general
Subject: Re: [GENERAL] Securing stored procedures and triggers
From: mgould <mgould () allcoast ! net>
Date: 2007-10-31 21:18:58
Message-ID: 20071031211858.06e606b2 () mail ! allcoast ! net
Thanks all. In the open source community there seems to be more talent to "hack"
than in other environments. Once I told ASA to set the "hidden" attribute, I've not
had any problems with this, at least that I've heard of. I was hoping that I'd be
able to keep others out of the database totally but I can't host these applications
for all of my customers.
Best Regards,
Michael Gould
All Coast Intermodal Services, Inc.
904-376-7030
_____
From: Reg Me Please [mailto:regmeplease@gmail.com]
To: pgsql-general@postgresql.org
Sent: Wed, 31 Oct 2007 14:26:51 -0400
Subject: Re: [GENERAL] Securing stored procedures and triggers
There's no bulletproof way, in my opinion.
If they copy the whole DB structure *and* the object binaries they'll
have the very same functionalities!
On Wednesday 31 October 2007 16:13:23 Douglas McNaught wrote:
> mgould <mgould@allcoast.net> writes:
> > We are currently migrating from Sybase's ASA 9/10 to PostGres 8.2.4.
> > One of the features that is really nice in ASA is the ability to add
> > the attribute hidden to a Create procedure, Create function and
> > Create trigger. Essentially what this does is encrypt the code so
> > that if anyone or any utility gets into the database they cannot see
> > any of the actual code. This is a great feature for protecting
> > intellectual processing techniques. I don't know if there is any way
> > to do this in PostGres. Before the hidden feature was added, we had
> > a competitor steal some of our stored procedure processing code. Is
> > there any way to protect this from happening in PostGres?
>
> The only bulletproof way to do this currently is to write all your
> stored functions in C and load them as a shared library.
>
> -Doug
--
Reg me Please
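
An added example, not part of the thread or any poster's code: a catalog audit showing what a role that can read pg_proc sees for each function. PL/pgSQL bodies are stored verbatim in prosrc, while for LANGUAGE C functions the catalog holds only the link symbol (prosrc) and the library path (probin), which is the property the shared-library suggestion relies on. The demo_app schema and rate_quote function are constructed for illustration, and plpgsql is assumed to be installed.

```sql
-- Constructed sample: schema, function name and body are hypothetical.
CREATE SCHEMA demo_app;

CREATE FUNCTION demo_app.rate_quote(miles integer) RETURNS numeric AS $$
BEGIN
    -- stands in for proprietary business logic
    RETURN miles * 1.85 + 40;
END;
$$ LANGUAGE plpgsql;

-- Audit: for every user-defined function, report what the catalog stores.
-- Interpreted languages keep the full body in prosrc; 'c' and 'internal'
-- keep only a symbol name there.
SELECT n.nspname        AS schema_name,
       p.proname        AS function_name,
       l.lanname        AS language_name,
       CASE WHEN l.lanname IN ('c', 'internal')
            THEN 'symbol name only'
            ELSE 'full source text'
       END              AS catalog_exposure,
       length(p.prosrc) AS prosrc_chars
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY catalog_exposure, schema_name, function_name;

-- The stored body of the sample function, exactly as kept in the catalog.
SELECT p.prosrc
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'demo_app'
  AND p.proname = 'rate_quote';

-- Clean up the constructed objects.
DROP FUNCTION demo_app.rate_quote(integer);
DROP SCHEMA demo_app;
```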