On 12.01.23 17:32, Peter Eisentraut wrote:
>> Can we do anything about the attack vector wherein a malicious DBA
>> simply copies the encrypted datum from one row to another?
>
> We discussed this earlier [0]. This patch is not that feature. We
> could get there eventually, but it would appear to be an immense amount
> of additional work. We have to start somewhere.
I've been thinking, this could be done as a "version 2" of the currently
proposed feature, within the same framework. We'd extend the
RowDescription and ParameterDescription messages to provide primary key
information, some flags, then the client would have enough to know what
to do. As you wrote in your follow-up message, a challenge would be to
handle statements that do not touch all the columns. We'd need to work
through this and consider all the details.