> On Feb 11, 2023, at 1:54 PM, Mark Dilger <mark.dil...@enterprisedb.com> wrote:
>
> Here are some observations
I should mention, src/sgml/html/libpq-exec.html needs clarification:
> paramFormats[] Specifies whether parameters are text (put a zero in the array
> entry for the corresponding parameter) or binary (put a one in the array
> entry for the corresponding parameter). If the array pointer is null then all
> parameters are presumed to be text strings.
Perhaps you should edit this last sentence to say that all parameters are
presumed to be text strings without forced encryption.
> Values passed in binary format require knowledge of the internal
> representation expected by the backend. For example, integers must be passed
> in network byte order. Passing numeric values requires knowledge of the
> server storage format, as implemented in
> src/backend/utils/adt/numeric.c::numeric_send() and
> src/backend/utils/adt/numeric.c::numeric_recv().
> When column encryption is enabled, the second-least-significant byte of this
> parameter specifies whether encryption should be forced for a parameter.
The value 0x10 has a one as its second-least-significant *nibble*, but that's a
really strange way to describe the high-order nibble, and perhaps not what you
mean. Could you clarify?
> Set this byte to one to force encryption.
I think setting the byte to one (0x01) means "binary unencrypted", not "force
encryption". Don't you mean to set this byte to 16?
> For example, use the C code literal 0x10 to specify text format with forced
> encryption. If the array pointer is null then encryption is not forced for
> any parameter.
> If encryption is forced for a parameter but the parameter does not correspond
> to an encrypted column on the server, then the call will fail and the
> parameter will not be sent. This can be used for additional security against
> a compromised server. (The drawback is that application code then needs to be
> kept up to date with knowledge about which columns are encrypted rather than
> letting the server specify this.)
I think you should say something about how specifying 0x11 will behave -- in
other words, asking for encrypted binary data. I believe that this will
draw a "format must be text for encrypted parameter" error, and that the docs
should clearly say so.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company