Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pO2uM-0006Mv-KR for pgsql-hackers@arkaria.postgresql.org; Fri, 03 Feb 2023 20:43:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1pO2uL-00060H-Ck for pgsql-hackers@arkaria.postgresql.org; Fri, 03 Feb 2023 20:43:41 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pO2uL-0005va-1G for pgsql-hackers@lists.postgresql.org; Fri, 03 Feb 2023 20:43:41 +0000 Received: from mail-oa1-x36.google.com ([2001:4860:4864:20::36]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1pO2uI-0008AN-AQ for pgsql-hackers@postgresql.org; Fri, 03 Feb 2023 20:43:40 +0000 Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-163bd802238so8111621fac.1 for ; Fri, 03 Feb 2023 12:43:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timescale.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=P5wUg7DrEjga4gS2hTQAkyz6SCbWno6jbVs23nWznUM=; b=jpWZcqR2VRorOPNC2z2uAsAJbdt+8R8aQJzugC9rdtXaWjRt6F7lu+yKdZ742sxO1J 5IXS7mVpIDsa3ihL4DYiW0Pcjo6mnbUPlca+K57jxrDRqA81y3LEpbU3KS3fIm4N7iCj Y7zOG1YlRlGj0bIFCSHeH5XUuFwHHs7jXCnN07ljon9uutlXl/1nvvOlGrcJ97JL4V4X psuqLuXNohcjOSIpMm1DmesXd8SDtLz61eLQ6J26mjd/0Bka8XIa3B49ZtPRxp8vUzMj fQP2hGEr7GEXUoxCjUUGa0k8m7+I+XpFkBWPMKmLnHw0q0+4k21HqL7Dte5KxTiY8tu/ HENg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=P5wUg7DrEjga4gS2hTQAkyz6SCbWno6jbVs23nWznUM=; b=h9WFrY4ALG/Gl0YB2ImWSBrJjRhhiPsz39mmFZxmTEh8ivZGY1Sm7lQ0iVTlI81Nxk Iw0KLZC0H9Fl61kPe5t1/K9vQWk3da6YHcPoFjfXK4heaF531KQD0Cj0SsS6eOYvCE+z gEI+Eah2oI5t/s4Ow2182Ji+Sfa2bUdzfKS7tIv2dbjf5d5j+sncKDY4dXuIj1DyyjXp QU9vxrrhJhUGzSIwWHo4r/YGyCevgpvJWAwCvP5+hz4e5yIxSjq+X0HaQB7CaZikaooP 8bcy51G6Vbf2xGyoEYd0C6nG4IQOzBwJJ5SfbVcy9Jw8EXp24Ier6tPu0wa67ha+x/J1 alUQ== X-Gm-Message-State: AO0yUKW61R/JWcvOvbjULnjOnCyyvTKNYkiJwNTqyVImULnBbNATf/q0 OLG7q8Hswk3LkoufgBbpKWl/xkR9oK8R8LqPCx6POw== X-Google-Smtp-Source: AK7set9nkQ5vkRA6kzdg7H4YMDkHtfo5KzBcq7uRObeGxgc3mQZfhUIi4x7PEKC+Fr/Gkp5d+B5RPdpLg13ksgzOOwk= X-Received: by 2002:a05:6870:8090:b0:163:7f58:a69e with SMTP id q16-20020a056870809000b001637f58a69emr745831oab.213.1675457015939; Fri, 03 Feb 2023 12:43:35 -0800 (PST) MIME-Version: 1.0 References: <89157929-c2b6-817b-6025-8e4b2d89d88f@enterprisedb.com> <48a9f2c2-4a57-27d8-7c53-16a23a01014e@enterprisedb.com> <79f08a39-a7da-5157-cef4-378fb60c18f8@enterprisedb.com> <258c5064-437e-f41e-7537-5e8c343c33cc@enterprisedb.com> <6bd99fea-3298-854d-d37f-554151342f36@enterprisedb.com> <963aa100-7e78-3463-0645-700eaaa325f2@enterprisedb.com> <06830254-6d87-86b2-0280-bf2eee7736a5@enterprisedb.com> <75f394fa-f539-1875-079c-c654deceed41@enterprisedb.com> <8bcedb49-1496-0755-bd24-1cbabf30ec84@enterprisedb.com> <5003d222-5975-38c1-e471-888e642f23aa@timescale.com> <00b0c4f3-0d9f-dcfd-2ba0-eee5109b4963@enterprisedb.com> <8a1ccf22-2a86-f002-bbd8-49f56729a5f3@enterprisedb.com> In-Reply-To: <8a1ccf22-2a86-f002-bbd8-49f56729a5f3@enterprisedb.com> From: Jacob Champion Date: Fri, 3 Feb 2023 12:43:24 -0800 Message-ID: Subject: Re: Transparent column encryption To: Peter Eisentraut Cc: pgsql-hackers Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, Jan 31, 2023 at 5:26 AM Peter Eisentraut wrote: > See here for example: > https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15 Hm. I notice they haven't implemented more than one algorithm, so I wonder if they're going to be happy with their decision to mix-and-match when number two arrives. > For pg_dump, I'd like a mode that makes all values parameters of an > INSERT statement. But obviously not all of those will be encrypted. So > I think we'd want a per-parameter syntax. Makes sense. Maybe something that defaults to encrypted with opt-out per parameter? UPDATE t SET name = $1 WHERE id = $2 \encbind "Jacob" plaintext(24) > > More concretely: should psql allow you to push arbitrary text into an > > encrypted \bind parameter, like it does now? > > We don't have any data type awareness like that now in psql or libpq. > It would be quite a change to start now. I agree. It just feels weird that a misbehaving client can "attack" the other client implementations using it, and we don't make any attempt to mitigate it. --Jacob