| From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Maximum password length |
| Date: | 2018-10-12 21:14:57 |
| Message-ID: | 53DC01AE-4DE7-4417-B79A-007490C6FE3F@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Stephen,
On 10/12/18, 3:52 PM, "Stephen Frost" <sfrost(at)snowman(dot)net> wrote:
> If we're going to do work in this area, why wouldn't we have the client
> tools and the server agree on the max length and then have them all be
> consistent..?
>
> Seems odd to decide that 100 character buffer size in the clients makes
> sense and then make the server support an 8k password.
I considered this but wondered if expanding the buffers over 80x was
too intrusive or if the 100 character limit had some historical
purpose. I'm happy to align everything if desired.
> I'm also trying to figure out why it makes sense to support an 8k
> password and if we've really tried seeing what happens if pg_authid gets
> a toast table that's actually used for passwords...
Since v10+ always stores passwords encrypted [0], I don't think it
will require a TOAST table.
> I'll note your patches neglected to include any tests...
I will look into adding tests. I've also been told that there may be
some limits for the .pgpass file, so I am looking into that as well.
Nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-10-12 21:19:32 | Re: Maximum password length |
| Previous Message | Andrew Dunstan | 2018-10-12 21:14:52 | Re: pgsql: Add TAP tests for pg_verify_checksums |