Re: Transparent column encryption - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Transparent column encryption
Date
Msg-id 75f394fa-f539-1875-079c-c654deceed41@enterprisedb.com
In response to Re: Transparent column encryption  (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses Re: Transparent column encryption
List pgsql-hackers
Here is another updated patch.  Some preliminary work was committed, 
which allowed this patch to get a bit smaller.  I have incorporated some 
recent reviews, and also fixed some issues pointed out by recent CI 
additions (address sanitizer etc.).

The psql situation in this patch is temporary: It still has the \gencr 
command from previous versions, but I plan to fold this into the new 
\bind command.


On 14.10.22 08:27, Peter Eisentraut wrote:
> Here is an updated version with the tests on Windows working again, and 
> some typos fixed.
> 
> On 27.09.22 15:51, Peter Eisentraut wrote:
>> Updated version with meson build system support added (for added files 
>> and new tests).
>>
>> On 21.09.22 23:37, Peter Eisentraut wrote:
>>> New version with some merge conflicts resolved, and I have worked to 
>>> resolve several "TODO" items that I had noted in the code.
>>>
>>> On 13.09.22 10:27, Peter Eisentraut wrote:
>>>> Here is an updated patch that resolves some merge conflicts; no 
>>>> functionality changes over v6.
>>>>
>>>> On 30.08.22 13:35, Peter Eisentraut wrote:
>>>>> Here is an updated patch.
>>>>>
>>>>> I mainly spent time on adding a full set of DDL commands for the 
>>>>> keys. This made the patch very bulky now, but there is not really 
>>>>> anything surprising in there.  It probably needs another check of 
>>>>> permission handling etc., but it's got everything there to try it 
>>>>> out.  Along with the DDL commands, the pg_dump side is now fully 
>>>>> implemented.
>>>>>
>>>>> Secondly, I isolated the protocol changes into a protocol extension 
>>>>> with the name _pq_.column_encryption.  So by default there are no 
>>>>> protocol changes and this feature is disabled.  AFAICT, we haven't 
>>>>> actually ever used the _pq_ protocol extension mechanism, so it 
>>>>> would be good to review whether this was done here in the intended 
>>>>> way.
>>>>>
>>>>> At this point, the patch is sort of feature complete, meaning it 
>>>>> has all the concepts, commands, and interfaces that I had in mind.  
>>>>> I have a long list of things to recheck and tighten up, based on 
>>>>> earlier feedback and some things I found along the way.  But I 
>>>>> don't currently plan any more major architectural or design 
>>>>> changes, pending feedback.  (Also, the patch is now very big, so 
>>>>> anything additional might be better for a future separate patch.)
