Re: Parametrization minimum password length

From: Emanuele Musella <emamuse86(at)gmail(dot)com>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Cc: Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com>
Subject: Re: Parametrization minimum password length
Date: 2024-11-25 17:35:49
Message-ID: CA+ugDNzgsF49E2qZ_aPUyV3EepS9RcD4Lp91pnbR4Z8+=FTFRQ@mail.gmail.com
Lists: pgsql-hackers

Sorry, here is the right attachment.

On Mon, 25 Nov 2024 at 11:15, Emanuele Musella <emamuse86(at)gmail(dot)com> wrote:

> Thank you Bertrand for your feedback. We are looking for the CFbot part so we
> can compile it like CFbot.
>
> For now we have fixed all points.
>
> Thank you
>
> On Tue, 19 Nov 2024 at 20:28, Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote:
>
>> Hi,
>>
>> On Mon, Nov 18, 2024 at 05:21:18PM +0100, Emanuele Musella wrote:
>> > We notice some errors on CFBot results.
>>
>> FWIW, you can run "cfbot like" tests on your own repo (see [1]).
>>
>> > In the attached, the errors are fixed
>>
>> Thanks for the updated version!
>>
>> A few random comments:
>>
>> === 1
>>
>> trailing whitespace:
>>
>> $ git apply min_password_length_v7.patch
>> min_password_length_v7.patch:130: trailing whitespace.
>> There is a configuration parameter that control the behavior
>> warning: 1 line adds whitespace errors.
>>
>> === 2
>>
>> + * Author: Maurizio Boriani <maurizio(at)boriani(dot)cloud>
>> + * Author: Emanuele Musella <emamuse86(at)gmail(dot)com>
>>
>> Same comment as in [2].
>>
>> === 3
>>
>> - int pwdlen = strlen(password);
>> + int pwdlen = pg_mbstrlen(password);
>>
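Review bot: replacing strlen() with pg_mbstrlen() on the pwdlen line changes what the minimum is measured in, from bytes to characters, while the GUC elsewhere in this patch is declared with GUC_UNIT_BYTE and the documentation text says "8 bytes". Pick one unit and use it in the length computation, the GUC flags and the documentation. If the count stays in bytes, the documentation should say that a password made of multibyte characters reaches the minimum with fewer characters than the number suggests.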
>> Sorry if I was not clear in [2], but I meant to say to keep using strlen()
>> to be consistent with the current behavior.
>>
>> === 4
>>
>> + GUC_UNIT_BYTE,
>>
>> this is correct if strlen() is used (see above comment).
>>
>> === 5
>>
>> + 0, INT_MAX,
>>
>> INT_MAX seems too large and 0 too low. Maybe we should not allow less than
>> it was before the patch (8). For the max, maybe something like
>> PG_MAX_AUTH_TOKEN_LENGTH? (see the comment in src/backend/libpq/auth.c)
>>
>> === 6
>>
>> + There is a configuration parameter that control the behavior
>> + <filename>passwordcheck</filename>
>>
>> s/behavior/behavior of/?
>>
>> === 7
>>
>> + <varname>passwordcheck.min_password_length</varname> is the
>> minimum length
>> + of accepted password on database users.
>> + If not setted the default is 8 bytes.
>>
>> What about? "is the minimum password length in bytes. The default is 8."
>>
>> === 7
>>
>> +
>> +<programlisting>
>> +# postgresql.conf
>> +session_preload_libraries = 'passwordcheck'
>> +passwordcheck.min_password_length = 12
>> +
>> +</programlisting>
>>
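Review bot: the empty added line just before </programlisting> becomes a blank line at the end of the rendered listing and should be dropped. The listing also loads the module through session_preload_libraries, so the sentence introducing the example should say which preload setting passwordcheck is expected to be loaded with and why.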
>> What about a sentence before? Something like for auto_explain means
>> "In ordinary usage, these parameters are set in postgresql.conf,............"
>>
>> [1]: https://github.com/postgres/postgres/blob/master/src/tools/ci/README
>> [2]: https://www.postgresql.org/message-id/ZzsZZY3YrO6hinnT%40ip-10-97-1-34.eu-west-3.compute.internal
>>
>> Regards,
>>
>> --
>> Bertrand Drouvot
>> PostgreSQL Contributors Team
>> RDS Open Source Databases
>> Amazon Web Services: https://aws.amazon.com
>>
>

Attachment Content-Type Size
min_password_length_v9.patch application/octet-stream 4.1 KB
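
The byte-versus-character question raised in review comments 3 and 4, as an added example that is not part of the thread or of the patch: the same minimum of 8 applied to one password counted in bytes and in characters. All names are hypothetical, the character counter is a stand-in written for this example (not pg_mbstrlen), and the input is assumed to be valid UTF-8.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not passwordcheck's code. */
typedef enum { UNIT_BYTES, UNIT_CHARS } length_unit;

/* Count UTF-8 characters: every byte except a continuation byte (10xxxxxx)
 * starts a new character. Assumes the input is valid UTF-8. */
static size_t utf8_char_count(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (((unsigned char) *s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Length of the password in the unit the policy is written in. */
static size_t password_length(const char *pw, length_unit unit)
{
    return unit == UNIT_BYTES ? strlen(pw) : utf8_char_count(pw);
}

/* Returns 1 when the password meets the minimum, 0 otherwise. */
static int meets_minimum(const char *pw, size_t min_len, length_unit unit)
{
    return password_length(pw, unit) >= min_len;
}

int main(void)
{
    /* Constructed samples: six two-byte characters, then eight ASCII ones. */
    const char *samples[] = {
        "\xC3\xA4\xC3\xB6\xC3\xBC\xC3\x9F\xC3\xA9\xC3\xA8",
        "abcdefgh"
    };
    size_t min_len = 8;

    for (size_t i = 0; i < 2; i++)
        printf("bytes=%zu chars=%zu ok(bytes)=%d ok(chars)=%d\n",
               password_length(samples[i], UNIT_BYTES),
               password_length(samples[i], UNIT_CHARS),
               meets_minimum(samples[i], min_len, UNIT_BYTES),
               meets_minimum(samples[i], min_len, UNIT_CHARS));
    return 0;
}
```

The first sample is accepted under a byte-based minimum of 8 although it has only six characters, which is the case the documentation wording has to cover when the unit is bytes.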
