n KMS APIs
to be used by a front end.
cheers
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Mon, 24 Feb 2020 17:55:09 -0800 Masahiko Sawada
wrote
On Thu, 20 Feb 2020 at 16:16, Masahiko Sawada
<mailto
method is set to "cert"
Please disregard this patch.
thanks!
Cary
On Mon, 02 Mar 2020 19:23:37 -0800 Chris Bandy
wrote
Hi, Cary.
On 3/2/20 1:06 PM, Cary Huang wrote:
> Hi
>
> I found a document bug about client authentication using TLS
> certif
ions with pgcrypto.
[same examples follow after...]
=
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Tue, 25 Feb 2020 12:50:18 -0800 Cary Huang
<mailto:cary.hu...@highgo.ca> wrote
Hi
I wo
and it does not verify
server hostname and certificate common name match in this case.
The attached patch corrects the clientcert authentication description in the
documentation
cheers
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http
function will
also make front end tool integration simpler, as the front end tool also do not
need to know the master key so it does not need to derive KEK or unwrap the
key...etc.
Not sure if you guys agree?
Thanks!
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@hi
t is
currently not possible for a user to obtain the wrapped key from the server in
order to use these wrap/unwrap functions. I personally don't think it is a good
idea to expose these functions to user
thank you
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highg
On Mon, Jan 6, 2020 at 4:43 AM Masahiko Sawada <
masahiko.saw...@2ndquadrant.com> wrote:
> On Sat, 4 Jan 2020 at 15:11, cary huang wrote:
> >>
> >> Hello Sawada and all
> >>
> >> I would like to elaborate more on Sehrope and Sawada's discussion on
&g
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: not tested
Documentation:tested, passed
Hello
I have applied the patch and did some basic testing with
o figure out how many times "EVP_EncryptUpdate" should be
called and finalize it with "EVP_EncryptFinal" at last block.
Lastly, I think we are missing a cleanup routine that calls
"EVP_CIPHER_CTX_free()" to free up the EVP_CIPHER_CTX when encryption is done.
Thank you
Cary Huang
HighGo Software Canada
after. I will do more analysis
on my end based on your comments and refine the patch with better test cases.
Much appreciated of your help.
Best regards
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Wed, 15 Apr 2020 22
all 3 application level encryptions
keys and store the new results in pg_cryptokeys directory.
To rotate the cluster passphrase, user firstly needs to update
cluster_passphrase_command in the postgresql.conf and then execute
pg_rotate_cluster_passphrase() SQL function to initiate the r
UNIX_SOCKETS" around its declaration as well so both
function definition and declaration would make sense.
#ifndef HAVE_UNIX_SOCKETS
static char **filter_lines_with_token(char **lines, const char *token);
#endif
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
www.highgo.ca
Hi Andres
thanks for your reply and your patch review. Please see my comments below
>On 2020-03-24 16:19:21 -0700, Cary Huang wrote:
>> I have shared a patch that allows sequence relation to be supported in
>> logical replication via the decoding plugin ( test_decoding f
ereport(DEBUG1,
+ (errmsg("both directories %s and %s exist, use
the newly wrapped keys",
+ KMGR_DIR, KMGR_TMP_DIR)));
I think the error message should say "there is only tempora
regards
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Tue, 07 Apr 2020 20:56:12 -0700 Ahsan Hadi
<mailto:ahsan.h...@gmail.com> wrote
Hi Bruce/Joe,
In the last meeting we discussed the need for imp
is is done by setting SEQ_LOG_VALS to 0 in sequence.c
I think the question is that should we minimize WAL update frequency (every 32
calls) for getting next value in a sequence at a cost of losing values during
crash or being able to replicate a sequence relation properly at a cos
more coverage on
certain cases?
thank you!
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Thu, 16 Apr 2020 09:45:06 -0700 Cary Huang
<mailto:cary.hu...@highgo.ca> wrote
Hi Craig, Andres
Thank you guys s
. The attached tap test
case is comprehensive and is passing. However, the patch does not apply well on
the current master; I had to checkout to a much earlier commit to be able to
patch correctly. The patch will need to be rebased to the current master.
Thanks
Cary Huang
-
HighGo
, because it simply queries a table's publication one at a
time and do it a million times.
thank you
Cary Huang
HighGo Software
('of' as boolean);
bool
--
f
(1 row)
```
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
0001-boolean-type-cast-fix.patch
Description: Binary data
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:tested, passed
I applied this patch to the PG13 branch and generally this
he database and the same subquery works under
psql.
I also notice that the regression tests for pg_dump is failing due to the
patch, I think it is worth looking into the failure messages and also add some
test cases on the new "where" clause to ensure that it can cover as many use
cases
and TDE so it is enough to finish
initdb with intial WAl encrypted.
This is just my thought how this KMS and TDE should look like.
Best
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
On Tue, 16 Jun 2020 23:52:03 -0700
f(PgCipherCtx));
ctx->encctx
= ossl_cipher_ctx_create(cipher, key, klen, true);
ctx->decctx
= ossl_cipher_ctx_create(cipher, key, klen, false);
#endif
return
ctx;
}
--
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:not tested
Hello
The patch seems to do as described and the regression and
ly applies to CREATE DATABASE related commands, not
CREATE TABLE or other objects. In the help menu, you can then elaborate more
that this option "dump only the commands related to create database like ALTER,
GRANT..etc"
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
www.highgo.ca
timestamp to the reserved spot. This technique
is used in WalSndWriteData() and also XLogSendPhysical()... so really it
doesn't matter which function name to put in the comment.
thank you!
---
Cary Huang
HighGo Software (Canada)
ng(buf, " IS NULL)");
break;
case IS_NOT_UNKNOWN:
appendStringInfoChar(buf, '(');
deparseExpr(node->arg, context);
appendStringInfoString(buf, " IS NOT NULL)");
break;
}
just a thought
thanks!
---
Cary Huang
HighGo Software Canada
www.highgo.ca
the transaction ID when they are spawned and they will
not call this function anyway.
thank you
Cary Huang
HighGo Software Canada
www.highgo.ca
on_workers
max_sync_workers_per_subscription
jit_above_cost
jit_inline_above_cost
jit_optimize_above_cost
log_rotation_age
log_rotation_size
log_transaction_sample_rate
Cary Huang
-
HighGo Software Canada
www.highgo.ca
harm having little
extra statistical information about the checkpoint process. In fact, it could
be useful in identifying a bottleneck during the checkpoint process as the
stats exactly the time taken to do the file IO in pg_logical dir.
best
Cary Huang
and RESTART option for CREATE SEQUENCE
* could override the START value and cause confusion to user. Hence,
* we throw an error for CREATE SEQUENCE if RESTART option is
* specified; it can only be used with ALTER SEQUENCE.
*/
just a thought.
thanks!
-
Cary Huang
h the given relation"
just to make it sound more formal. :)
best
Cary Huang
--
HighGo Software Canada
www.highgo.ca
a new .partial
file.
Also, in your patch, you are using pad_to_size argument in function
dir_open_for_write to determine if it needs to create a temp file, but I see
that this function is always given a pad_to_size = 16777216 , and never 0. Am
I missing something?
Cary Huang
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:not tested
Hello
I tested the patches on master branch on Ubuntu 18.04 and
checked out fine.
Thank you
Cary Huang
--
Highgo Software Canada
www.highgo.ca
luster the output so much that it
starts to become annoying. Are you planning to set a limit on how many levels
of sub-partitions to print or just let it print as many as it needs?
thank you
Cary Huang
---
Highgo Software Canada
www.highgo.ca
to prevent
deadlock. At the end, give user a notification that system catalogs have not
been reindexed, and tell them to use REINDEX SYSTEM instead.
Cary Huang
-
HighGo Software Canada
www.highgo.ca
bring some benefit during a very large REDO job
where it will try to re-stream after restoring some WALs from archive to speed
up this "catch up" process. But if the recovery job is not a large one, PG is
already switching back to streaming once it hits consistent state.
thank yo
.
thank you
Cary Huang
Highgo Software Canada
to extend other possible actions
such as automatically adjust to match the new value.
-
Cary Huang
HighGo Software Canada
the currently connected client
certificate.
thank you!
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
v1-0001-sslinfo-add-notbefore-and-notafter-timestamps.patch
Description: Binary data
valgrind on it while
doing a basebackup with simulated error. No memory leak related to backup is
observed. Regression is also passing
thank you
Cary Huang
HighGo Software Canada
ple, no transaction lock
wait will be triggered, and therefore no deadlock will happen.
Regards
Cary Huang
---
HighGo Software Canada
> regular unique index:tps = 0.054367
-> global unique index: tps = 57.740432
thank you very much and we hope this information could help clarify some
concerns about this approach.
David and Cary
hould be fine as it is already set
in sort_bounded_heap(state) few lines before.
Cary Huang
HighGo Software Canada
www.highgo.ca
On Thu, 24 Nov 2022 08:00:59 -0700 Thomas Kellerer wrote ---
> Pavel Stehule schrieb am 24.11.2022 um 07:03:
> > There are many Oracle users that find global indexes useful despite
> > their disadvantages.
> >
> > I have seen this mostly when the goal was to get the
Patch: Global Unique Index
“Global unique index” in our definition is a unique index on a partitioned
table that can ensure cross-partition uniqueness using a non-partition key.
This work is inspired by this email thread, “Proposal: Global Index” started
back in 2019 (Link below). My
RTITION CONCURRENTLY...
regards
Cary Huang
-
HighGo Software Canada
te
I put "default" in the parameter name to indicate that it only applies
to default certificate. If user specifies a non-default certificate
using "sslcert" parameter, "defaultclientcert" should not be used and
client should give error if both exists.
Cary Huang
HighGo Software Canada
www.highgo.ca
initialized pgbench database with --no-function, and plpgsql-tpcb-like and
plpgsql-simple-update scripts will fail to run
thanks
Cary Huang
===
Highgo Software Canada
www.highgo.ca
exclude partitions of the specified tables if any.
thank you
Cary Huang
HighGo Software Canada
www.highgo.ca
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:not tested
Hello
The patch applies and tests fine. I like the way to have
est/ssl/t/003_sslinfo.pl.
Yes, agreed, I added 2 additional tests in src/test/ssl/t/003_sslinfo.pl to
compare the notbefore and notafter outputs from sslinfo extension and
pg_stat_ssl outputs. Both should be tested equal.
Also added related documentation about the new not before and not after
01-Set-fixed-dates-for-test-certificates-validity.patch" is
exactly the same as
"v5-0001-Set-fixed-dates-for-test-certificates-validity.patch", I just up the
version to be consistent.
thank you very much
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@hi
make "not before" and "not
after" timestamps static in the test certificate and also adjusting
003_sslinfo.pl to expect the new static timestamps in the v5 patches. I am able
to apply both and all tests are passing. I did not know this test certificate
could be changed by `cd s
omeone
could purposely change this default to false on a production session that needs
transactions to absolutely commit, causing damages there.
thank you
Cary Huang
--
Highgo Software Canada
www.highgo.ca
ame. There will be permission checks as well so a user cannot pg_unwarm
a table owned by someone else. User in this case won't be able to invalidate a
particular buffer, but he/she should not have to as a regular user anyway.
thanks!
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
www.highgo.ca
fail now.
> The new patchset isn't updating contrib/sslinfo/meson with the 1.3 update so
> it
> fails to build with Meson.
Thanks again for pointing out, I have adjusted the meson build file to include
the 1.3 update
Please see attached patches for the fixes.
Thank you so
mitfest? What do you think?
thank you
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
www.highgo.ca
v2-0001-sslinfo-add-notbefore-and-notafter-timestamps.patch
Description: Binary data
v2-0002-pg-stat-ssl-add-notbefore-and-notafter-timestamps.patch
Description: Binary data
> Yes, please add it to the July commitfest and feel free to set me as
> Reviewer,
> I intend to take a look at it.
Thank you Daniel, I have added this patch to July commitfest under security
category and added you as reviewer.
best regards
Cary Huang
-
HighGo Sof
actually not able to find out the port number that my PG is running on,
at least not in a straight-forward way.
thank you
==
Cary Huang
HighGo Software
www.highgo.ca
trust from specified "sslcertdir"
and "sslkeydir" directories
Please let me know what you think. Any comments / feedback are greatly
appreciated.
Best regards
Cary Huang
Highgo Software (Canada)
www.highgo.ca
v1-0001-multiple_client_certificate_selection_support.patch
Description: Binary data
d character encoding.
thanks
----
Cary Huang
Highgo Software - Canada
www.highgo.ca
ar effects.
Instead of stating that higher max_connections results in higher allocation, It
may be better to tell the user that if the value needs to be set much higher,
consider increasing the "shared_buffers" setting as well.
thank you
---
Cary Huang
Highgo Software Canada
www.highgo.ca
e welcome. Thank you!
Best regards
Cary Huang
v2-0001-multiple_client_certificate_selection_support.patch
Description: Binary data
g_stat_ssl both return
timestampTz in whatever timezone PostgreSQL is running on, they do not always
return UTC timestamps.
Attached is the v10 patch with the above changes. Thanks again for the review.
Best regards
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
ww
es with units of microseconds. (Once upon a time they were
* double values with units of seconds.)
but it seems to me that many of the timestamp related functions still consider
timestamp or timestampTz as "double values with units of seconds" though.
Best regards
Cary Huang
ay to specifically set the outputs of pg_stat_ssl, ssl_client_get_notbefore,
and ssl_client_get_notafte to be in GMT time zone. The not before and not after
time stamps in a client certificate are generally expressed in GMT.
Thank you!
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@h
Hello
I noticed that the comment for declaring create_tidscan_paths() in
src/include/optimizer/paths.h has a typo. The function is implemented in
tidpath.c, not tidpath.h as stated, which does not exist.
Made a small patch to correct it.
Thank you
Cary Huang
-
HighGo
e patch supports the recording of last commit lsn from 2 phase commit as
well, but the test does not seem to have a test on 2 phase commit. In my
opinion, it should test whether the last commit lsn increments when a prepared
transaction is committed in addition to a regular transaction.
thank yo
-certificate-feature/
thank you
Best regards
Cary Huang
v3-0001-multiple_client_certificate_selection_support.patch
Description: Binary data
sharing the patch here and
if someone could provide a quick feedback or review that would be greatly
appreciated.
Thank you!
Cary Huang
-
HighGo Software Inc. (Canada)
mailto:cary.hu...@highgo.ca
http://www.highgo.ca
v1-0001-add-parallel-tid-rangescan.patch
Description
in a comment because In my
test, if any of my interface's IPv6 address have consecutive zeroes like this:
2000::::::200:cafe/64, my network driver (Ubuntu 18.04)
will format it as 2000::200:cafe, and the patch of course will read it as
2000::200:cafe, which is ...
lel Seq Scan on test (cost=0.00..969595.42 rows=28603575 width=4)
(actual time=0.995..5541.178 rows=3272 loops=3)
Filter: ((ctid >= '(1,0)'::tid) AND (ctid <= '(540540,100)'::tid))
Rows Removed by Filter: 62
Planning Time: 0.129 ms
Execution Time: 12675.681 ms
(8 rows)
Best regards
Cary Huang
-
HighGo Software Inc. (Canada)
cary.hu...@highgo.ca
www.highgo.ca
> This isn't a complete review. It's just that this seems enough to keep
> you busy for a while. I can look a bit harder when the patch is
> working correctly. I think you should have enough feedback to allow
> that now.
Thanks for the test, review and feedback. They are greatly appreciated!
76 matches
Mail list logo
