On Thu, 25 Sep 2008, Christophe wrote:
it strikes me that a reasonable approach would be a non-core pluggable language which accepts encrypted strings as functions, decrypts them (using a key compiled into the language module), and passes them on to PL/pgSQL for execution...This would, of course, be easily hacked with someone who can step through the language module with a debugger
If we presume that the module doing the encryption/decryption is itself is a common open-source implementation, all I have to do is read in the de-obfuscator code byte at a time, stopping every time I have a key length worth of bytes to see if they unlock something that looks like plaintext. You have to move to at least another layer of relatively serious security before you need debugger-level skills to crack it.
People routinely tear through protection like this even on closed-source systems that benefit some from security by obscurity, and if you can know the method used that usually allows an even easier approach.
-- * Greg Smith [EMAIL PROTECTED] http://www.gregsmith.com Baltimore, MD -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
