Open dikshant opened 1 year ago
PostgreSQL supports wire protocol compression.
Does it? That linked mailing list thread is discussing work-in-progress that is being considered for postgres 16.
The proposed implementation looks a lot like TLS compression in that it encrypts the entire stream together. This raises concerns about vulnerabilities like CRIME. (especially if the authentication exchange is compressed - that would be a big problem in our original auth system although it's lessened with SCRAM).
Overall I'd bet that pgwire is much less exposed to compression-related leaks than HTTP (especially with scram), but we'd still need to evaluate any use of stream-wide compression from this perspective. (on the other hand, if we decide we're OK with stream compression, we may just be able to turn it on at the TLS level without waiting for future postgres protocol changes)
on the other hand, if we decide we're OK with stream compression, we may just be able to turn it on at the TLS level without waiting for future postgres protocol changes
Actually, TLS compression has fallen so completely out of favor after BREACH and CRIME that Go's TLS implementation doesn't support it at all.
PostgreSQL supports wire protocol compression. We should investigate if this is something that would provide any material benefit to us and if it is feasible to implement. https://www.postgresql.org/message-id/ABAA09C6-BB95-47A5-890D-90353533F9AC@yandex-team.ru
Jira issue: CRDB-27073