| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Aleksander Alekseev <aleksander(at)timescale(dot)com> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Bowen Shi <zxwsbg12138(at)gmail(dot)com> |
| Subject: | Re: [PATCH] Add CHECK_FOR_INTERRUPTS in scram_SaltedPassword loop. |
| Date: | 2023-11-22 13:59:07 |
| Message-ID: | C4DE43E8-AEC6-4ED2-8520-01C490F751AC@yesql.se |
| Lists: | pgsql-hackers |
> On 22 Nov 2023, at 14:30, Aleksander Alekseev <aleksander(at)timescale(dot)com> wrote:
>
> Hi,
>
>> When the scram_iterations value is set too large, the backend would hang for
>> a long time. And we can't use Ctrl+C to cancel this query, because the loop
>> doesn't process signal interrupts.
>>
>> Adding CHECK_FOR_INTERRUPTS within the loop of scram_SaltedPassword
>> to handle any signals received during this period may be a good choice.
>>
>> I wrote a patch to solve this problem. What are your suggestions?
>
> Thanks for the patch.
>
> It sort of makes sense. I wonder though if we should limit the maximum
> number of iterations instead. If somebody specified 1_000_000+
> iterations this could also indicate a user error.

I don't think it would be useful to limit this at an arbitrary point, iteration
count can be set per password and if someone wants a specific password to be
super-hard to brute force then why should we limit that?

> If we want to add CHECK_FOR_INTERRUPTS inside the loop I think a brief
> comment would be appropriate.

Agreed, it would be helpful.

--
Daniel Gustafsson
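
The loop under discussion, as an added Python sketch that is not part of this message or of the proposed patch: SCRAM's Hi() from RFC 5802 with a periodic cancellation check standing in for CHECK_FOR_INTERRUPTS. The names `salted_password`, `interrupt_pending`, `check_every` and `Cancelled` are hypothetical, and the password and salt used with it are constructed sample values.

```python
import hashlib
import hmac
from typing import Callable


class Cancelled(Exception):
    """Raised when a pending interrupt stops the derivation early."""

    def __init__(self, iteration: int, iterations: int):
        super().__init__(f"cancelled at iteration {iteration} of {iterations}")
        self.iteration = iteration


def salted_password(password: bytes, salt: bytes, iterations: int,
                    interrupt_pending: Callable[[], bool],
                    check_every: int = 1) -> bytes:
    """SCRAM Hi(): PBKDF2-HMAC-SHA256 restricted to a single output block.

    interrupt_pending is an assumed stand-in for the backend's interrupt
    check; it is polled every check_every iterations.
    """
    if iterations < 1 or check_every < 1:
        raise ValueError("iterations and check_every must be >= 1")

    # U1 = HMAC(password, salt || INT(1)), INT(1) being a big-endian uint32.
    u = hmac.digest(password, salt + b"\x00\x00\x00\x01", hashlib.sha256)
    acc = int.from_bytes(u, "big")

    for i in range(2, iterations + 1):
        # Without this check the loop runs to completion no matter how
        # large the iteration count is, which is the hang reported above.
        if i % check_every == 0 and interrupt_pending():
            raise Cancelled(i, iterations)
        # Ui = HMAC(password, Ui-1); the result is U1 xor U2 xor ... xor Un.
        u = hmac.digest(password, u, hashlib.sha256)
        acc ^= int.from_bytes(u, "big")

    return acc.to_bytes(hashlib.sha256().digest_size, "big")


if __name__ == "__main__":
    # Constructed inputs; the callable here never requests cancellation.
    key = salted_password(b"pencil", b"constructed-salt", 4096, lambda: False)
    print(key.hex())
```

With the check in place the iteration count no longer determines how long a cancel request waits, only how long an uninterrupted derivation takes.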