From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Transparent column encryption |
Date: | 2023-02-22 10:25:50 |
Message-ID: | 40c43d0d-ae4b-fe34-2667-771b3718384e@enterprisedb.com |
Lists: | pgsql-hackers |

New patch.

Per some feedback, I have renamed this feature. People didn't like the
"transparent", for various reasons. The new name I came up with is
"automatic client-side column-level encryption". This also matches the
terminology used in other products better. (Maybe the acronym ACSCLE --
pronounced "a chuckle" -- will catch on.) I'm also using various
subsets of that name when the context is clear.

Other changes since v15:

- CEKs and CMKs now have USAGE privileges. (There are some TODO markers
  where I got too bored with boilerplate. I will fill those in, but the
  idea should be clear.)
- Renamed attrealtypid to attusertypid. (It wasn't really "real".)
- Added corresponding attusertypmod.
- Removed attencalg, it's now stored in atttypmod.

  (The last three together make the whole attribute storage work more
  sensibly and smoothly.)
- Various documentation changes (review by Mark Dilger)
- Added more explicit documentation that this feature is not to protect
  against an "evil DBA".

Attachment | Content-Type | Size |
---|---|---|
v16-0001-Automatic-client-side-column-level-encryption.patch | text/plain | 434.8 KB |