Re: pgcrypto question - Mailing list pgsql-general

From Tomas Vondra
Subject Re: pgcrypto question
Date
Msg-id 20191007194951.jxdmeiqobifx4ja4@development
Whole thread Raw
In response to Re: pgcrypto question  (Erik Aronesty <erik@q32.com>)
Responses Re: pgcrypto question
List pgsql-general
On Mon, Oct 07, 2019 at 02:51:30PM -0400, Erik Aronesty wrote:
>Good idea for "psycopg".  It would be easy for a POC, but I think the
>only meaningful layer to operate at would be a libpq drop-in
>replacement that intercepts PQgetvalue, PQprepare, PQexecParams,
>PQexecPrepared ... etc.   That way odbc, python, node, etc would "just
>work".... as long as you used LD_PRELOAD appropriately.
>

It's not clear to me how would that know which columns are encrypted,
with what key, etc. Because those encrypted columns are essentially just
regular bytea columns, so there's no easy way to distinguish them.

I'm no psycopg2 expert, but it does have some infrastructure for casting
PostgreSQL types to Python types, and I guess that could be used for the
encryption.

regards

-- 
Tomas Vondra                  http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



pgsql-general by date:

Previous
From: Erik Aronesty
Date:
Subject: Re: pgcrypto question
Next
From: Bruce Momjian
Date:
Subject: Re: Event Triggers and Dropping Objects