Hosting Provided By

Re: [GENERAL] Securing stored procedures and triggers

From: Douglas McNaught <doug(at)mcnaught.org>
Date: Wed Oct 31 2007 - 15:50:10 EDT

"Scott Marlowe" <scott.marlowe@gmail.com> writes:

> On 10/31/07, Douglas McNaught <doug@mcnaught.org> wrote:
>
>> The only bulletproof way to do this currently is to write all your
>> stored functions in C and load them as a shared library.
>
> Well, as I pointed out in my post, even that's not bullet-proof. As
> long as decompilers / debuggers etc... exist, then compiling is just a
> small barrier to a good hacker. The only way to win is not to play,
> i.e. keep the code in house.

Very true, I should have said "semi-bulletproof". :)

In addition, the "interesting" parts of a C function would be the SPI queries, which unless further obfuscated would be easily extractable from the library using strings(1).

-Doug

---------------------------(end of broadcast)---------------------------

TIP 6: explain analyze is your friend Received on Wed Oct 31 18:34:45 2007

This message: [ Message body ]
Next message: mgould: "Re: [GENERAL] Securing stored procedures and triggers"
Previous message: Gauthier, Dave: "[GENERAL] how can I shut off "more"?"
In reply to: Scott Marlowe: "Re: [GENERAL] Securing stored procedures and triggers"
Next in thread: Scott Marlowe: "Re: [GENERAL] Securing stored procedures and triggers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Jun 16 2008 - 19:10:33 EDT