Talk About Network

Google


Register and Login
Nick
Password
Register create new account Sign up is FREE and you can post replies, new topics, bookmark posts and more!
Recover lost password


Data Bases > Pgsql Patches > Re: WIP: plpgsq...
Latest [ Topics | Posts ] Archive Post A New Topic Post a Reply
<< Topic < Post Post 1 of 1 Topic 3564 of 4253
 Post > Topic >>

Re: WIP: plpgsql source code obfuscation

by bruce@[EMAIL PROTECTED] (Bruce Momjian) Apr 6, 2008 at 10:14 PM

Added to TODO:

        o Add ability to obfuscate function bodies

         
http://archives.postgresql.org/pgsql-patches/2008-01/msg00125.php


---------------------------------------------------------------------------

Pavel Stehule wrote:
> Hello
> 
> this patch define new function flag - OBFUSCATE. With this flag
> encrypted source code is stored to probin column. Password is stored
> in GUC_SUPERUSER_ONLY item - it is similar security like SQL Server
> does (where privileged users can access system tables with source code
> or can use debugger).
> 
> ToDo: Dump
> 
> Sample:
> 
> postgres=# show obfuscator_password;
>   obfuscator_password
> -----------------------
>  moje supertajne heslo
> (1 row)
> 
> postgres=# \x
> Expanded display is on.
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql;
> CREATE FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+-----------------------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | begin return -1; end;
> Description         |
> 
> postgres=# ALTER FUNCTION fx() obfuscate;
> NOTICE:  begin return -1; end;
> ALTER FUNCTION
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
> 
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
> 
> postgres=# create or replace function fx() returns int as $$begin
> return -1; end; $$ language plpgsql obfuscate;
> CREATE FUNCTION
> postgres=# select fx();
> -[ RECORD 1 ]
> fx | -1
> 
> postgres=# \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
> 
> postgres=# select * from pg_proc where proname = 'fx';
> -[ RECORD 1
]--+----------------------------------------------------------------------------
> proname        | fx
> pronamespace   | 2200
> proowner       | 16385
> prolang        | 16421
> procost        | 100
> prorows        | 0
> proisagg       | f
> prosecdef      | f
> proisstrict    | f
> proretset      | f
> provolatile    | v
> pronargs       | 0
> prorettype     | 23
> proargtypes    |
> proallargtypes |
> proargmodes    |
> proargnames    |
> prosrc         | -
> probin         |
>
\231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig      |
> proacl         |
> 
> 
> [pavel@[EMAIL PROTECTED]
 ~]$ psql -U bob postgres
> Welcome to psql 8.3RC2, the PostgreSQL interactive terminal.
> 
> Type:  \copyright for distribution terms
>        \h for help with SQL commands
>        \? for help with psql commands
>        \g or terminate with semicolon to execute query
>        \q to quit
> 
> postgres=> \x
> Expanded display is on.
> postgres=> show obfuscator_password;
> ERROR:  must be superuser to examine "obfuscator_password"
> postgres=> select fx();
> -[ RECORD 1 ]
> fx | -1
> 
> postgres=> \df+ fx
> List of functions
> -[ RECORD 1 ]-------+---------
> Schema              | public
> Name                | fx
> Result data type    | integer
> Argument data types |
> Volatility          | volatile
> Owner               | bob
> Language            | plpgsql
> Source code         | -
> Description         |
> 
> postgres=> select * from pg_proc where proname = 'fx';
> -[ RECORD 1
]--+----------------------------------------------------------------------------
> proname        | fx
> pronamespace   | 2200
> proowner       | 16385
> prolang        | 16421
> procost        | 100
> prorows        | 0
> proisagg       | f
> prosecdef      | f
> proisstrict    | f
> proretset      | f
> provolatile    | v
> pronargs       | 0
> prorettype     | 23
> proargtypes    |
> proallargtypes |
> proargmodes    |
> proargnames    |
> prosrc         | -
> probin         |
>
\231\003_\266\361\214}\231\240L/\020\232\036c\234\315P\236\266I\370\324\222
> proconfig      |
> proacl         |

[ Attachment, skipping... ]

> 
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster

-- 
  Bruce Momjian  <bruce@[EMAIL PROTECTED]
>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

-- 
Sent via pgsql-patches mailing list (pgsql-patches@[EMAIL PROTECTED]
)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-patches




 1 Posts in Topic:
Re: WIP: plpgsql source code obfuscation
 bruce@[EMAIL PROTECTED]   2008-04-06 22:14:01 

Post A Reply:
  Go here to Signup

AddThis Feed Button


About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
Contact
tan12V112 Fri Dec 5 5:37:01 CST 2008.