Re: Transparent column encryption

On 22.03.23 10:00, Peter Eisentraut wrote:
>> I get that for the type, but why do we need the typmod duplicated as 
>> well?
> 
> Earlier patch versions didn't do that, but that got really confusing 
> about which type the typmod really belonged to, since code currently 
> assumes that typid+typmod makes sense.  Earlier patch versions had three 
> fields (usertypid, keyid, encalg), and then I changed it to (usertypid, 
> usertypmod, keyid) and instead placed the encalg into the real typmod, 
> which made everything much cleaner.

I thought about this some more.  I think we could get rid of 
attusertypmod and just hardcode it as -1.  The idea would be that if you 
ask for an encrypted column of type, say, varchar(500), the server isn't 
able to enforce that anyway, so we could just prohibit specifying a 
nondefault typmod for encrypted columns.

I'm not sure if there are weird types that use typmods in some way where 
this wouldn't work.  But so far I could not think of anything.

I'll look into this some more.