1

We have developed stored procedures and functions in a Postgres database which is performing the ETL process. This is deployed at the client system so we need to protect our code been mis-used/modified by the client place.

Is there any way to protect from viewing the stored procedure / function created. Current we have provided the dedicated user account which don't have the access to the function and has access only to the tables. Since the database is at the client place they will be able to access the system with the administration account and gain access to the function and stored procedure.

We would like to set the password/Encrypt the procedure for modification. But should have the execute permission without the password for procedure and function.

We are using the postgres 11 for our development.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Arun Kumar
  • 11
  • 1
  • [Features we don't want](https://wiki.postgresql.org/wiki/Todo#Features_We_Do_Not_Want): "*Obfuscated function source code*" –  Feb 21 '20 at 14:31
  • The only way you can "obfuscate" your functions is to write them in C and deploy them as a shared library (e.g. as part of an extension) –  Feb 21 '20 at 14:32
  • i dont have knowledge on c can u help me with the sample steps and pre-request for writing the script on c – Arun Kumar Feb 24 '20 at 06:11

1 Answers1

0

You can achieve this by following way.

1) Keep the superuser credential with you and revoke all the access related to your schema.

REVOKE ALL ON schema public FROM public;

Edit: after the above command, only a superuser may create new objects inside the public schema, which is not practical. Assuming a non-superuser foo_user should be granted this privilege, this should be done with:

GRANT ALL ON schema public TO foo_user;

To know what ALL means for a schema, we must refer to GRANT in the doc. It appears that for a schema it means CREATE and USAGE.

So the solution for your problem is created different type of PostgreSQL DB users with different permission.

Same way creates one PostgreSQL user for the client gives that detail.

Hope this will solve your problem.

Harshit Shah
  • 319
  • 1
  • 2
  • 11
  • I have already done this as a work around. But my actual situation is the server is managed by client and we have deployed our procedure and function over there. i don't want there admin team to have access on our procedure and function – Arun Kumar Feb 24 '20 at 06:09