From d9dcf23d25ba4452fb12c4b065ab5215e2228882 Mon Sep 17 00:00:00 2001 From: Justin Pryzby Date: Fri, 6 Jan 2023 18:28:59 -0600 Subject: [PATCH] f! --- doc/src/sgml/datatype.sgml | 4 ++-- doc/src/sgml/ddl.sgml | 4 ++-- doc/src/sgml/libpq.sgml | 2 +- doc/src/sgml/protocol.sgml | 2 +- src/bin/pg_dump/pg_dump.c | 4 ++-- src/interfaces/libpq/fe-exec.c | 12 ++++++------ 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/src/sgml/datatype.sgml b/doc/src/sgml/datatype.sgml index 56b2e1d0d1e..243e6861506 100644 --- a/doc/src/sgml/datatype.sgml +++ b/doc/src/sgml/datatype.sgml @@ -5369,7 +5369,7 @@ WHERE ... pg_encrypted_rnd (for randomized encryption) or pg_encrypted_det (for deterministic encryption); see . Most of the database system treats - this as normal types. For example, the type pg_encrypted_det has + these as normal types. For example, the type pg_encrypted_det has an equals operator that allows lookup of encrypted values. It is, however, not allowed to create a table using one of these types directly as a column type. @@ -5383,7 +5383,7 @@ WHERE ... Clients that don't support transparent column encryption or have disabled it will see the encrypted values in this format. Clients that support transparent data encryption will not see these types in result sets, as - the protocol layer will translate them back to declared underlying type in + the protocol layer will translate them back to the declared underlying type in the table definition. diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index b8364a91f9a..a7624d6a60c 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml 
@@ -1263,7 +1263,7 @@ CREATE TABLE customers ( randomized encryption, which is the default. Randomized encryption uses a random initialization vector for each encryption, so that even if the plaintext of two rows is equal, the encrypted values will be different. - This prevents someone with direct access to the database server to make + This prevents someone with direct access to the database server from making computations such as distinct counts on the encrypted values. Deterministic encryption uses a fixed initialization vector. This reduces security, but it allows equality searches on encrypted values. The @@ -1540,7 +1540,7 @@ export PGCMKLOOKUP In general, column encryption is never a replacement for additional - security and encryption techniques such as transmission encryption + security and encryption techniques such as transport encryption (SSL/TLS), storage encryption, strong access control, and password security. Column encryption only targets specific use cases and should be used in conjunction with additional security measures. diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index a2d413bafd5..9b7f76db7a9 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -3012,7 +3012,7 @@ PGresult *PQexecParams(PGconn *conn, If encryption is forced for a parameter but the parameter does not correspond to an encrypted column on the server, then the call will fail and the parameter will not be sent. This can be used - for additional security against a comprimised server. (The + for additional security against a compromised server. (The drawback is that application code then needs to be kept up to date with knowledge about which columns are encrypted rather than letting the server specify this.) diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 1a9b8abd7f2..caa6e3174ee 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml 
@@ -5807,7 +5807,7 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;" If the field is encrypted, this specifies the identifier of the - encrypt algorithm, else zero. + encryption algorithm, else zero. diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index f82c2496fd5..99f2583c34a 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -690,7 +690,7 @@ main(int argc, char **argv) * --rows-per-insert were specified. */ if (dopt.cparams.column_encryption && dopt.dump_inserts == 0) - pg_fatal("option --decrypt_encrypted_columns requires option --inserts, --rows-per-insert, or --column-inserts"); + pg_fatal("option --decrypt-encrypted-columns requires option --inserts, --rows-per-insert, or --column-inserts"); if (dopt.do_nothing && dopt.dump_inserts == 0) pg_fatal("option --on-conflict-do-nothing requires option --inserts, --rows-per-insert, or --column-inserts"); @@ -13546,7 +13546,7 @@ dumpColumnEncryptionKey(Archive *fout, const CekInfo *cekinfo) appendPQExpBuffer(query, ")"); if (i < cekinfo->numdata - 1) - appendPQExpBuffer(query, ", "); + appendPQExpBuffer(query, ", "); } appendPQExpBufferStr(query, ";\n"); diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c index 4e835d6c681..7c7e2bac128 100644 --- a/src/interfaces/libpq/fe-exec.c +++ b/src/interfaces/libpq/fe-exec.c @@ -1699,13 +1699,13 @@ pqRowProcessor(PGconn *conn, const char **errmsgp) } else { - val = (char *) pqResultAlloc(res, clen + 1, isbinary); - if (val == NULL) - goto fail; + val = (char *) pqResultAlloc(res, clen + 1, isbinary); + if (val == NULL) + goto fail; - /* copy and zero-terminate the data (even if it's binary) */ - memcpy(val, columns[i].value, clen); - val[clen] = '\0'; + /* copy and zero-terminate the data (even if it's binary) */ + memcpy(val, columns[i].value, clen); + val[clen] = '\0'; } tup[i].len = clen; -- 2.25.1
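Review bot: The hyphenated name now printed by the `pg_fatal` call under `if (dopt.cparams.column_encryption && dopt.dump_inserts == 0)` in pg_dump.c should be confirmed against the option's actual definition. Neither pg_dump.c hunk in this commit touches the long-option table, and the diffstat lists no pg_dump reference page. If either of those still uses the underscore spelling, the error text would tell the user to pass `--decrypt-encrypted-columns` while the parser or the documentation says otherwise. Judging by its name, the option controls whether protected column data is written out decrypted, so a user misled by the message may retry without it and get a dump whose contents differ from what they expected. main() starts and continues outside this hunk, so the option table itself cannot be checked from here.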