From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
Subject: | Re: Proposed patch for key managment |
Date: | 2020-12-07 04:42:23 |
Message-ID: | 20201207044223.GA12952@momjian.us |
Lists: | pgsql-hackers |
On Mon, Dec 7, 2020 at 09:30:03AM +0900, Masahiko Sawada wrote:
> Thank you for updating the patch!
>
> I think we need explicit_bzero() also in freeing the keywrap context.

pg_cryptohash_free() already has this:

    explicit_bzero(state, sizeof(pg_cryptohash_state));
    explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));

Do we need more?

> BTW, when we need -R option pg_ctl command to start the server, how
> can we start it in the single-user mode?

I added code for that, but I hadn't tested it yet. Now that I tried it,
I realized that it is awkward to supply a file descriptor number (that
will be closed) from the command-line, so I added code and docs to allow
-1 to duplicate standard error, and it worked:

    $ postgres --single -R -1 -D /u/pg/data
    Enter password:
    PostgreSQL stand-alone backend 14devel
    backend> select 100;
    1: ?column? (typeid = 23, len = 4, typmod = -1, byval = t)
    ----
    1: ?column? = "100" (typeid = 23, len = 4, typmod = -1, byval = t)
    ----

Updated patch at the same URL:

    https://github.com/postgres/postgres/compare/master...bmomjian:key.diff
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
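
The scrub-before-free pattern discussed in this message, as an added example (not code from the patch or from PostgreSQL): a context whose key material lives in two allocations, both wiped before either is released. The names kw_ctx, kw_state and the kw_* functions are hypothetical, and secure_wipe() is a stand-in for explicit_bzero().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical key-wrap context: an outer struct plus a separately
 * allocated inner state, both of which hold key material. */
typedef struct { unsigned char round_keys[64]; } kw_state;
typedef struct { kw_state *state; unsigned char kek[32]; } kw_ctx;

/* Stand-in for explicit_bzero(): stores through a volatile pointer are not
 * removed as dead stores, which a memset() just before free() may be. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static int all_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}

kw_ctx *kw_ctx_create(const unsigned char kek[32])
{
    kw_ctx *ctx = calloc(1, sizeof *ctx);
    if (!ctx) return NULL;
    ctx->state = calloc(1, sizeof *ctx->state);
    if (!ctx->state) { free(ctx); return NULL; }
    memcpy(ctx->kek, kek, sizeof ctx->kek);
    /* Constructed "key schedule": two copies of the key, for illustration. */
    memcpy(ctx->state->round_keys, kek, 32);
    memcpy(ctx->state->round_keys + 32, kek, 32);
    return ctx;
}

/* Wipe every buffer that saw the key; the state pointer itself is kept. */
void kw_ctx_scrub(kw_ctx *ctx)
{
    secure_wipe(ctx->state, sizeof *ctx->state);
    secure_wipe(ctx->kek, sizeof ctx->kek);
}

void kw_ctx_free(kw_ctx *ctx)
{
    if (!ctx) return;
    kw_ctx_scrub(ctx);   /* free() alone would leave the key in heap memory */
    free(ctx->state);
    free(ctx);
}
```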