Hans-Juergen Schoenig napsal(a):
the idea is basically to hide codes - many companies want that and ask
for it again and again.
i would suggest keys to reside in $PGDATA. we do this for SSL and so
already.
initdb could create such keys so that they are unique to every database
instance.
decrypting could be avoided as much as possible basically we should just
decrypt on first all and when it changes.
But, Companies want to hide code also because they distribute their software. If
you store key somewhere on server, user will be able to decrypt the original
code. If I remember correctly Oracle wrap generates something like bytecode and
each Oracle installation is able to understand them. But It is not possible
decode it back to original form.
My suggestion is to extend PL API and each PL language should offer wrap or
encrypt function which generate encrypted code and this code will be store in
the pg_proc. PL language will be responsible to detect if it raw or crypted
code. PG_Dump will dump crypted procedure and author is responsible keep his
uncrypted version in source repository.
Zdenek
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
