| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Transparent column encryption |
| Date: | 2022-11-23 18:39:10 |
| Message-ID: | 75f394fa-f539-1875-079c-c654deceed41@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here is another updated patch. Some preliminary work was committed,
which allowed this patch to get a bit smaller. I have incorporated some
recent reviews, and also fixed some issues pointed out by recent CI
additions (address sanitizer etc.).
The psql situation in this patch is temporary: It still has the \gencr
command from previous versions, but I plan to fold this into the new
\bind command.
On 14.10.22 08:27, Peter Eisentraut wrote:
> Here is an updated version with the tests on Windows working again, and
> some typos fixed.
>
> On 27.09.22 15:51, Peter Eisentraut wrote:
>> Updated version with meson build system support added (for added files
>> and new tests).
>>
>> On 21.09.22 23:37, Peter Eisentraut wrote:
>>> New version with some merge conflicts resolved, and I have worked to
>>> resolve several "TODO" items that I had noted in the code.
>>>
>>> On 13.09.22 10:27, Peter Eisentraut wrote:
>>>> Here is an updated patch that resolves some merge conflicts; no
>>>> functionality changes over v6.
>>>>
>>>> On 30.08.22 13:35, Peter Eisentraut wrote:
>>>>> Here is an updated patch.
>>>>>
>>>>> I mainly spent time on adding a full set of DDL commands for the
>>>>> keys. This made the patch very bulky now, but there is not really
>>>>> anything surprising in there. It probably needs another check of
>>>>> permission handling etc., but it's got everything there to try it
>>>>> out. Along with the DDL commands, the pg_dump side is now fully
>>>>> implemented.
>>>>>
>>>>> Secondly, I isolated the protocol changes into a protocol extension
>>>>> with the name _pq_.column_encryption. So by default there are no
>>>>> protocol changes and this feature is disabled. AFAICT, we haven't
>>>>> actually ever used the _pq_ protocol extension mechanism, so it
>>>>> would be good to review whether this was done here in the intended
>>>>> way.
>>>>>
>>>>> At this point, the patch is sort of feature complete, meaning it
>>>>> has all the concepts, commands, and interfaces that I had in mind.
>>>>> I have a long list of things to recheck and tighten up, based on
>>>>> earlier feedback and some things I found along the way. But I
>>>>> don't currently plan any more major architectural or design
>>>>> changes, pending feedback. (Also, the patch is now very big, so
>>>>> anything additional might be better for a future separate patch.)
| Attachment | Content-Type | Size |
|---|---|---|
| v11-0001-Transparent-column-encryption.patch | text/plain | 364.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dean Rasheed | 2022-11-23 18:43:58 | Re: Another multi-row VALUES bug |
| Previous Message | Roberto C. Sánchez | 2022-11-23 18:35:27 | Re: Question concerning backport of CVE-2022-2625 |