Thread: BUG #14103: stored function encryption

BUG #14103: stored function encryption

From

salianjag@gmail.com

Date:

20 April 2016, 13:50:23

The following bug has been logged on the website:

Bug reference:      14103
Logged by:          Jagadeesha
Email address:      salianjag@gmail.com
PostgreSQL version: 9.5.2
Operating system:   Windows 7
Description:

how to encrypt functions in Postgresql so that we can hide all my business
logic ?

is there any option like with encryption present in MS SQL ?

Re: BUG #14103: stored function encryption

From

John R Pierce

Date:

20 April 2016, 13:54:46

On 4/20/2016 3:59 AM, salianjag@gmail.com wrote:
> how to encrypt functions in Postgresql so that we can hide all my business
> logic ?

write them in C or another compiled language, supply them as .SO (or
.dll) files.

> is there any option like with encryption present in MS SQL ?

no.

--
john r pierce, recycling bits in santa cruz

Re: BUG #14103: stored function encryption

From

Bruce Momjian

Date:

30 April 2016, 02:01:37

On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote:
> On 4/20/2016 3:59 AM, salianjag@gmail.com wrote:
> >how to encrypt functions in Postgresql so that we can hide all my business
> >logic ?
>
> write them in C or another compiled language, supply them as .SO (or .dll)
> files.

FYI, you can often run 'strings' on the object file to see the SQL
queries.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

Re: BUG #14103: stored function encryption

From

John R Pierce

Date:

30 April 2016, 06:27:57

On 4/29/2016 7:01 PM, Bruce Momjian wrote:
>>> how to encrypt functions in Postgresql so that we can hide all my business
>>> > >logic ?
>> >
>> >write them in C or another compiled language, supply them as .SO (or .dll)
>> >files.
> FYI, you can often run 'strings' on the object file to see the SQL
> queries.

hah, true, so I guess if you really want to hide it, you've got to hash
all your string constants, or use an obtuse sql generator.



--
john r pierce, recycling bits in santa cruz

Re: BUG #14103: stored function encryption

From

Bruce Momjian

Date:

30 April 2016, 23:01:07

On Fri, Apr 29, 2016 at 10:01:30PM -0400, Bruce Momjian wrote:
> On Wed, Apr 20, 2016 at 06:54:37AM -0700, John R Pierce wrote:
> > On 4/20/2016 3:59 AM, salianjag@gmail.com wrote:
> > >how to encrypt functions in Postgresql so that we can hide all my business
> > >logic ?
> >
> > write them in C or another compiled language, supply them as .SO (or .dll)
> > files.
>
> FYI, you can often run 'strings' on the object file to see the SQL
> queries.

Seeing the SQL with 'strings' requires you have read access to the *.so
library files.

Also, this thread suggests that removing SELECT permission on
pg_proc.prosrc allows you to prevent users from seeing the function,
though it doesn't prevent a Postgres super-user from seeing it:


http://www.postgresql.org/message-id/0100015338ce42f6-58727615-2385-4a80-9a73-c321c21c6928-000000@email.amazonses.com

I am surprised you can still call the function if you do that.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +