From: | "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: ProcessStartupPacket(): database_name and user_name truncation |
Date: | 2023-06-21 19:02:49 |
Message-ID: | 0dbc586e-f98c-b134-81b4-42d435068382@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 6/21/23 4:22 PM, Drouvot, Bertrand wrote:
> Hi,
>
> On 6/21/23 3:43 PM, Tom Lane wrote:
>> Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
>>> At Wed, 21 Jun 2023 09:43:50 +0200, "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote in
>>>> Trying to connect with the 64 bytes name:
>>>> $ psql -d ääääääääääääääääääääääääääääääää
>>>> psql: error: connection to server on socket "/tmp/.s.PGSQL.55448"
>>>> failed: FATAL: database "äääääääääääääääääääääääääääääää" does not
>>>> exist
>>
>>> IMHO, I'm not sure we should allow connections without the exact name
>>> being provided. In that sense, I think we might want to consider
>>> outright rejecting the estblishment of a connection when the given
>>> database name doesn't fit the startup packet, since the database with
>>> the exact given name cannot be found.
>>
>> I think I agree. I don't like the proposed patch at all, because it's
>> making completely unsupportable assumptions about what encoding the
>> names are given in. Simply failing to match when a name is overlength
>> sounds safer.
>>
>
> Yeah, that's another and "cleaner" option.
>
> I'll propose a patch to make it failing even for the non multibyte case then (
> so that multibyte and non multibyte behaves the same aka failing in case of overlength
> name is detected).
Please find attached a patch doing so (which is basically a revert of d18c1d1f51).
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
Attachment | Content-Type | Size |
---|---|---|
v1-0001-Reject-incoming-username-and-database-name-in-cas.patch | text/plain | 1.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tomas Vondra | 2023-06-21 19:20:15 | Re: Use of additional index columns in rows filtering |
Previous Message | Andres Freund | 2023-06-21 19:02:04 | Re: DROP DATABASE is interruptible |