public inbox for [email protected]  
help / color / mirror / Atom feed
From: Peter Eisentraut <[email protected]>
To: Andres Freund <[email protected]>
Cc: pgsql-hackers <[email protected]>
Subject: Re: Transparent column encryption
Date: Tue, 21 Mar 2023 18:05:15 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CALDaNm393nCjM1GenCem=9kOfZxbSadsTSn48WDVomwPnfnCFw@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>

On 16.03.23 17:36, Andres Freund wrote:
> Maybe a daft question, but why do we need a separate type and typmod for
> encrypted columns? Why isn't the fact that the column is encrypted exactly one
> new field, and we use the existing type/typmod fields?

The way this is implemented is that for an encrypted column, the real 
atttypid and atttypmod are one of the encrypted special types 
(pg_encrypted_*).  That way, most of the system doesn't need to care 
about the details of encryption or whatnot, it just unpacks tuples etc. 
by looking at atttypid, atttyplen, etc., and queries on encrypted data 
behave normally by just looking at what operators etc. those types have. 
  This approach heavily contains the number of places that need to know 
about this feature at all.

>> Do we need to decouple tuple descriptors from pg_attribute altogether?
> 
> Yes. Very clearly. The amount of memory and runtime we spent on tupledescs is
> disproportionate. A second angle is that we build tupledescs way way too
> frequently. The executor infers them everywhere, so not even prepared
> statements protect against that.
> 
> 
>> How do we decide what goes into the tuple descriptor and what does not?  I'm
>> interested in addressing this, because obviously we do want the ability to
>> add more features in the future, but I don't know what the direction should
>> be.
> 
> We've had some prior discussion around this, see e.g.
> https://postgr.es/m/20210819114435.6r532qbadcsyfscp%40alap3.anarazel.de

This sounds like a good plan.








view thread (9+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: Transparent column encryption
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox