I have similar patch and it works. There is two isues:
* we missing column in pg_proc about state (not all procedures are
obfuscated), I solved it for plpgsl with using probin.
* decrypt is expensive on language handler level. Every session have
to do it again and again, better decrypt in system
On Fri, Dec 21, 2007 at 01:30:07AM -0500, Jaime Casanova wrote:
On Dec 20, 2007 9:31 PM, Alvaro Herrera [EMAIL PROTECTED] wrote:
Jaime Casanova escribió:
it doesn't compile on current head on mingw 5.1 and msys 1.0.10; of
course, it doesn't compile on 8.2 neither in order to Alvaro's
Andrew Dunstan escribió:
Alvaro Herrera wrote:
I think this patch should fix it. I think win32.mak needs to be
similarly patched.
Don't you also need to add pgsleep.o to $(OBJS) in the win32 stanza?
Hmm. Wow, that's silly. I introduced a hack in a Replicator's Makefile
to avoid having
Brian Hurt wrote:
While we're blue skying things, I've had an idea for a sorting
algorithm kicking around for a couple of years that might be
interesting. It's a variation on heapsort to make it significantly
more block-friendly. I have no idea if the idea would work, or how
well it'd
Alvaro Herrera wrote:
I don't know how to make it output the symbol names like it seems to do
for you.
Having the typedef list in the script itself seems like a barrier for
other people to contribute to this thing. I wonder if that can be
changed so that the typedef is on a separate list.
On Dec 21, 2007 3:18 AM, Pavel Stehule [EMAIL PROTECTED] wrote:
I have similar patch and it works. There is two isues:
* we missing column in pg_proc about state (not all procedures are
obfuscated), I solved it for plpgsl with using probin.
I was hoping to avoid making any catalog or other
Alvaro Herrera wrote:
Tom Lane wrote:
Alvaro Herrera [EMAIL PROTECTED] writes:
I don't know how to make it output the symbol names like it seems to do
for you.
I dislike the object-file-based approach altogether, not least because
it appears to depend on unportable aspects of
Bruce Momjian [EMAIL PROTECTED] writes:
Alvaro Herrera wrote:
indent needs the typedef list. Maybe we can hack something based on
typedefs in the source code, instead of object files.
The only think of is to grab typedefs from the object file and then also
try to get them from the souce too
On 21/12/2007, Merlin Moncure [EMAIL PROTECTED] wrote:
On Dec 21, 2007 3:18 AM, Pavel Stehule [EMAIL PROTECTED] wrote:
I have similar patch and it works. There is two isues:
* we missing column in pg_proc about state (not all procedures are
obfuscated), I solved it for plpgsl with using
On Fri, Dec 21, 2007 at 12:09:28AM -0500, Merlin Moncure wrote:
Maybe a key management solution isn't required. If, instead of
strictly wrapping a language with an encryption layer, we provide
hooks (actors) that have the ability to operate on the function body
when it arrives and leaves
Pavel Stehule [EMAIL PROTECTED] writes:
On 21/12/2007, Merlin Moncure [EMAIL PROTECTED] wrote:
... The real issue as I see it is where to
keep the key. How did you handle that?
Simply. I use for password some random plpgsql message text and
compile it. I though about GUC, and about storing
On Fri, Dec 21, 2007 at 12:40:05AM -0500, Tom Lane wrote:
whether there is a useful policy for it to implement. Andrew Sullivan
argued upthread that we cannot get anywhere with both keys and encrypted
function bodies stored in the same database (I hope that's an adequate
summary of his
Andrew Sullivan [EMAIL PROTECTED] writes:
On Fri, Dec 21, 2007 at 12:09:28AM -0500, Merlin Moncure wrote:
Maybe a key management solution isn't required.
I like this idea much better, because the same basic mechanism can be used
for more than one thing, and it doesn't build in a system that
On Dec 21, 2007 11:48 AM, Andrew Sullivan [EMAIL PROTECTED] wrote:
On Fri, Dec 21, 2007 at 12:40:05AM -0500, Tom Lane wrote:
whether there is a useful policy for it to implement. Andrew Sullivan
argued upthread that we cannot get anywhere with both keys and encrypted
function bodies
Hello,
I am changing the file pg_index, it is necessary to generate a new file
postgres.bki? How to generate? Using the command:
./genbki.sh
Thanks
--
Pedro Belmino.
# Ciência da Computação - UNIFOR
# [EMAIL PROTECTED]
Merlin Moncure [EMAIL PROTECTED] writes:
ISTM the main issue is how exactly the authenticated user interacts
with the actor to give it the information it needs to get the real
key. This is significant because we don't want to be boxed into an
actor implementation that doesn't allow that
Pedro Belmino [EMAIL PROTECTED] writes:
I am changing the file pg_index, it is necessary to generate a new file
postgres.bki? How to generate?
make will take care of it.
regards, tom lane
---(end of broadcast)---
TIP 9:
On Fri, Dec 21, 2007 at 01:57:44PM -0500, Tom Lane wrote:
Merlin Moncure [EMAIL PROTECTED] writes:
ISTM the main issue is how exactly the authenticated user interacts
with the actor to give it the information it needs to get the real
key. This is significant because we don't want to be
Andrew Sullivan [EMAIL PROTECTED] writes:
Hmm; this may be exactly part of the problem, though. It seems there are
two possible cases in play:
1.Protect the content in the database (in this case, function bodies)
from _all_ users on a given server. This is a case where you want to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 21 Dec 2007 16:47:46 -0500
Andrew Sullivan [EMAIL PROTECTED] wrote:
On Fri, Dec 21, 2007 at 04:19:51PM -0500, Tom Lane wrote:
2.Protect the content of a field from _some_ users on a
given system,
I would argue that (2) is
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Alvaro Herrera wrote:
indent needs the typedef list. Maybe we can hack something based on
typedefs in the source code, instead of object files.
The only think of is to grab typedefs from the object file and then also
try to get
On Fri, Dec 21, 2007 at 04:19:51PM -0500, Tom Lane wrote:
2. Protect the content of a field from _some_ users on a given system,
I would argue that (2) is reasonably well served today by setting up
separate databases for separate users.
I thought actually this was one of the use-cases we
On Dec 20, 2007, at 2:36 AM, Gokulakannan Somasundaram wrote:
I checked it by creating a table with 10 columns on a 32 bit
machine. i inserted 100,000 rows with trailing nulls and i observed
savings of 400Kbytes.
That doesn't really tell us anything... how big was the table
originally?
On Fri, 2007-21-12 at 18:05 -0400, Andrew Sullivan [EMAIL PROTECTED]
wrote:
2. Protect the content of a field from _some_ users on a given
system,
I would argue that (2) is reasonably well served today by setting up
separate databases for separate users.
I thought actually this
Decibel! wrote:
I fear the real complexity would be (as always) in the planner
rather than the
executor. I haven't really looked into what it would take to
arrange this or
how to decide when to do it.
TODO?
This email was added to the 8.4 queue:
When inserting a timetz in binary mode, there are no range checks on the time
value (nor on the zone). In text mode, things are fine:
postgres=# insert into t values ('24:00:00.01-05'::timetz);
ERROR: date/time field value out of range: 24:00:00.01-05
// 24:00:00.01-05
double d =
Martijn van Oosterhout wrote:
-- Start of PGP signed section.
On Tue, Dec 18, 2007 at 09:32:51AM -0300, Alvaro Herrera wrote:
Martijn van Oosterhout wrote:
On Mon, Dec 17, 2007 at 01:48:31PM +, Alvaro Herrera wrote:
Log Message:
---
Improve wording.
I agree that
Alvaro Herrera wrote:
Martijn van Oosterhout wrote:
On Mon, Dec 17, 2007 at 01:48:31PM +, Alvaro Herrera wrote:
Log Message:
---
Improve wording.
I'd suggest removing everything between the parentheses, or perhaps
something like: By tracking allocated memory rather
Andrew Chernow [EMAIL PROTECTED] writes:
I think a range check is needed in timetz_recv time_recv.
I think that the design philosophy for the binary I/O code is to be as
fast as safely possible, and accordingly range-checks are present only
where needed for the backend to defend itself. Is
bruce wrote:
I think your proposed wording is removed enough from what the
complainant was saying that it is not worth to stick it in. The point
here is, to what extent do we want to spoon-feed careless sysadmins?
OK, I have removed the paratheses paragraph about fork() and added link
I'm working on a decoder to take a raw main/base file and given table format
parameters to pull out relevant data.
My question is whether anyone has developed such a tool. Something that
takes the raw file and table format as input and creates an ascii dump
(similar to pgdump).
The purpose is to
31 matches
Mail list logo
