Re: Transparent column encryption
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Transparent column encryption |
| Дата | |
| Msg-id | 75f394fa-f539-1875-079c-c654deceed41@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: Transparent column encryption (Peter Eisentraut <peter.eisentraut@enterprisedb.com>) |
| Ответы |
Re: Transparent column encryption
|
| Список | pgsql-hackers |
Here is another updated patch. Some preliminary work was committed, which allowed this patch to get a bit smaller. I have incorporated some recent reviews, and also fixed some issues pointed out by recent CI additions (address sanitizer etc.). The psql situation in this patch is temporary: It still has the \gencr command from previous versions, but I plan to fold this into the new \bind command. On 14.10.22 08:27, Peter Eisentraut wrote: > Here is an updated version with the tests on Windows working again, and > some typos fixed. > > On 27.09.22 15:51, Peter Eisentraut wrote: >> Updated version with meson build system support added (for added files >> and new tests). >> >> On 21.09.22 23:37, Peter Eisentraut wrote: >>> New version with some merge conflicts resolved, and I have worked to >>> resolve several "TODO" items that I had noted in the code. >>> >>> On 13.09.22 10:27, Peter Eisentraut wrote: >>>> Here is an updated patch that resolves some merge conflicts; no >>>> functionality changes over v6. >>>> >>>> On 30.08.22 13:35, Peter Eisentraut wrote: >>>>> Here is an updated patch. >>>>> >>>>> I mainly spent time on adding a full set of DDL commands for the >>>>> keys. This made the patch very bulky now, but there is not really >>>>> anything surprising in there. It probably needs another check of >>>>> permission handling etc., but it's got everything there to try it >>>>> out. Along with the DDL commands, the pg_dump side is now fully >>>>> implemented. >>>>> >>>>> Secondly, I isolated the protocol changes into a protocol extension >>>>> with the name _pq_.column_encryption. So by default there are no >>>>> protocol changes and this feature is disabled. AFAICT, we haven't >>>>> actually ever used the _pq_ protocol extension mechanism, so it >>>>> would be good to review whether this was done here in the intended >>>>> way. >>>>> >>>>> At this point, the patch is sort of feature complete, meaning it >>>>> has all the concepts, commands, and interfaces that I had in mind. >>>>> I have a long list of things to recheck and tighten up, based on >>>>> earlier feedback and some things I found along the way. But I >>>>> don't currently plan any more major architectural or design >>>>> changes, pending feedback. (Also, the patch is now very big, so >>>>> anything additional might be better for a future separate patch.)
Вложения
В списке pgsql-hackers по дате отправления: