Re: Transparent column encryption

From: Mark Dilger
Subject: Re: Transparent column encryption
Msg-id: 379B11AF-5F98-49EB-8B3D-F37126452008@enterprisedb.com
In reply to: Re: Transparent column encryption (Mark Dilger <mark.dilger@enterprisedb.com>)
Responses: Re: Transparent column encryption (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
List: pgsql-hackers

> On Feb 11, 2023, at 1:54 PM, Mark Dilger <mark.dilger@enterprisedb.com> wrote:
>
> Here are some observations

I should mention, src/sgml/html/libpq-exec.html needs clarification:

> paramFormats[] Specifies whether parameters are text (put a zero in the array entry for the corresponding parameter)
> or binary (put a one in the array entry for the corresponding parameter). If the array pointer is null then all
> parameters are presumed to be text strings.

Perhaps you should edit this last sentence to say that all parameters are presumed to be text strings without forced
encryption.

> Values passed in binary format require knowledge of the internal representation expected by the backend. For example,
> integers must be passed in network byte order. Passing numeric values requires knowledge of the server storage format,
> as implemented in src/backend/utils/adt/numeric.c::numeric_send() and src/backend/utils/adt/numeric.c::numeric_recv().

> When column encryption is enabled, the second-least-significant byte of this parameter specifies whether encryption
> should be forced for a parameter.

The value 0x10 has a one as its second-least-significant *nibble*, but that's a really strange way to describe the
high-order nibble, and perhaps not what you mean.  Could you clarify?

> Set this byte to one to force encryption.

I think setting the byte to one (0x01) means "binary unencrypted", not "force encryption".  Don't you mean to set this
byte to 16?

> For example, use the C code literal 0x10 to specify text format with forced encryption. If the array pointer is null
> then encryption is not forced for any parameter.
> If encryption is forced for a parameter but the parameter does not correspond to an encrypted column on the server,
> then the call will fail and the parameter will not be sent. This can be used for additional security against a
> compromised server. (The drawback is that application code then needs to be kept up to date with knowledge about which
> columns are encrypted rather than letting the server specify this.)

I think you should say something about how specifying 0x11 will behave -- in other words, asking for encrypted binary
data. I believe that this will draw a "format must be text for encrypted parameter" error, and that the docs should
clearly say so.

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
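The paramFormats[] flag values discussed in this message, as an added C example that is not code from the patch or from libpq: it decodes an array entry the way the quoted draft documentation describes it (0x00 text, 0x01 binary, 0x10 text with forced encryption) and performs the client-side check the thread talks about. The error text for 0x11 is the one Mark expects above and is assumed here, as is the application-maintained list of which columns are encrypted.

```c
/* Added example, not from the column-encryption patch or libpq. */
#include <stddef.h>

#define PQ_FORMAT_BINARY  0x01   /* low bit: 0 = text, 1 = binary */
#define PQ_FORCE_ENCRYPT  0x10   /* the "C code literal 0x10" from the draft docs */

typedef enum {
    PF_TEXT,                    /* 0x00: text, encryption not forced */
    PF_BINARY,                  /* 0x01: binary, unencrypted (not "force encryption") */
    PF_TEXT_ENCRYPTED,          /* 0x10: text with forced encryption */
    PF_ERROR_BINARY_ENCRYPTED,  /* 0x11: binary + forced encryption, expected to be rejected */
    PF_ERROR_UNKNOWN            /* any other bit set: not defined by the draft docs */
} param_format_kind;

param_format_kind classify_param_format(int fmt)
{
    if (fmt & ~(PQ_FORMAT_BINARY | PQ_FORCE_ENCRYPT))
        return PF_ERROR_UNKNOWN;
    int binary = (fmt & PQ_FORMAT_BINARY) != 0;
    int forced = (fmt & PQ_FORCE_ENCRYPT) != 0;
    if (binary && forced)
        return PF_ERROR_BINARY_ENCRYPTED;
    if (forced)
        return PF_TEXT_ENCRYPTED;
    return binary ? PF_BINARY : PF_TEXT;
}

/* Pre-flight check an application can run before PQexecParams(): compares each
 * requested format with its own record of whether the target column is encrypted
 * (column_encrypted[], assumed to be maintained by the application, which is the
 * drawback the draft docs mention). Returns the index of the first parameter that
 * would be rejected and sets *why, or returns -1 with *why = NULL. */
int check_param_formats(const int *formats, const int *column_encrypted, int n,
                        const char **why)
{
    for (int i = 0; i < n; i++) {
        switch (classify_param_format(formats[i])) {
        case PF_ERROR_BINARY_ENCRYPTED:
            *why = "format must be text for encrypted parameter";  /* assumed wording */
            return i;
        case PF_ERROR_UNKNOWN:
            *why = "unknown paramFormats flag";
            return i;
        case PF_TEXT_ENCRYPTED:
            if (!column_encrypted[i]) {
                *why = "encryption forced for a parameter that is not an encrypted column";
                return i;
            }
            break;
        default:
            break;
        }
    }
    *why = NULL;
    return -1;
}
```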