On Mon, Jul 11, 2005 at 09:27:19AM -0700, Josh Berkus wrote:
> David,
>
> > That some "larger organizations" choose to use the known-unsafe
> > method of security by obscurity is not a reason for anybody here
> > to expend any effort helping them persist in this illusion: quite
> > the opposite, in fact. "Larger organizations" are likely to have
> > security needs which they actually need to address, not to pretend
> > they've addressed while actually making things easy for attackers.
>
> Hmmm, I agree with Merlin, I think. It would be nice if users who
> didn't have permission to EXECUTE functions couldn't view their
> code, either.

Why?

> This would probably carry a performance penalty, though.
> Users with EXECUTE permission not being able to see code just isn't
> practical; we support too many interpreted languages. If this is a
> concern, use C functions and compile binaries. That's secure.

With all due respect, it's not even *close* to secure. There are plenty of tools out there that allow a person to de-compile a shared library.

A lot of people have learned the hard way over the decades that any security measure that depends on the attacker's not knowing the implementation details is fragile, often disastrously so, e.g. the Enigma machine & friends.

There is no good reason for us to help perpetuate the myth of security by obscurity, and plenty of good reasons for us *not* to do so.

Cheers,
D
--
David Fetter [EMAIL PROTECTED] http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778

Remember to vote!