Re: Amazon RDS auth tokens in .pgpass

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Nicholas Chammas <nicholas(dot)chammas(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Amazon RDS auth tokens in .pgpass
Date: 2020-08-31 18:37:21
Message-ID: 4124291.1598899041@sss.pgh.pa.us
Lists: pgsql-admin

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> That thread does point out that passwordFromFile() is far from the
>> only place that assumes passwords aren't going to be longer than
>> what would be sane to enter manually. I wonder whether we need to
>> worry about the other bottlenecks.

> Well, as I said in that thread two years ago, seems like we should make
> it work everywhere and be consistent between frontend and backend
> regarding what's supported. Perhaps even clearly document what the
> limit is too...

In the case of passwordFromFile(), the line doesn't only contain a
password. There's also a hostname that has no a-priori upper length,
and some other fields too; not to mention that if we have a convention
for comments then it's unfriendly to have an a-priori upper length for
comment lines. So I'm thinking that the correct thing to do in
passwordFromFile() is use an expansible buffer and fail only on OOM.
There remains, though, the question of whether any of the other limits
are problematic.

regards, tom lane
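
A sketch of the approach proposed above (grow the line buffer instead of imposing a fixed length, and fail only when memory runs out), added here as an illustration; it is not libpq's passwordFromFile() or any code from this thread. The helper names `read_line_unbounded`, `password_field` and `make_sample`, and the sample entry for `db.example.com`, are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libpq code): read one line of any length into a
 * malloc'd buffer that doubles as needed. Returns it without the newline,
 * or NULL at EOF or when memory runs out. */
char *read_line_unbounded(FILE *fp)
{
    size_t cap = 64, len = 0;
    char *buf = malloc(cap), *tmp;
    int c = EOF;

    while (buf != NULL && (c = getc(fp)) != EOF && c != '\n') {
        buf[len++] = (char) c;
        if (len == cap) {           /* full: double it, leaving room for NUL */
            if ((tmp = realloc(buf, cap *= 2)) == NULL)
                free(buf);
            buf = tmp;
        }
    }
    if (buf == NULL || (len == 0 && c == EOF)) {
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    return buf;
}

/* Text after the 4th unescaped ':' (the password), or NULL if malformed. */
const char *password_field(const char *s)
{
    for (int colons = 0; *s != '\0'; s++) {
        if (*s == '\\' && s[1] != '\0')
            s++;                    /* skip the escaped character */
        else if (*s == ':' && ++colons == 4)
            return s + 1;
    }
    return NULL;
}

/* Constructed sample: one .pgpass entry whose password is n '0' characters. */
FILE *make_sample(int n)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fprintf(fp, "db.example.com:5432:app:alice:%0*d\n", n, 0);
        rewind(fp);
    }
    return fp;
}
```

Because the same reader returns whole lines regardless of which field is long, an oversized hostname or comment line is handled the same way as an oversized token.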
