Hans-Juergen Schoenig napsal(a):
the idea is basically to hide codes - many companies want that and ask for it again and again.

i would suggest keys to reside in $PGDATA. we do this for SSL and so already.

initdb could create such keys so that they are unique to every database instance. decrypting could be avoided as much as possible basically we should just decrypt on first all and when it changes.

But, Companies want to hide code also because they distribute their software. If you store key somewhere on server, user will be able to decrypt the original code. If I remember correctly Oracle wrap generates something like bytecode and each Oracle installation is able to understand them. But It is not possible decode it back to original form.

My suggestion is to extend PL API and each PL language should offer wrap or encrypt function which generate encrypted code and this code will be store in the pg_proc. PL language will be responsible to detect if it raw or crypted code. PG_Dump will dump crypted procedure and author is responsible keep his uncrypted version in source repository.


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to