Re: Maximum password length - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Maximum password length
Msg-id 20181012205148.GT4184@tamriel.snowman.net
In response to Maximum password length  ("Bossart, Nathan" <bossartn@amazon.com>)
Responses Re: Maximum password length
Re: Maximum password length
List pgsql-hackers
Greetings,

* Bossart, Nathan (bossartn@amazon.com) wrote:
> I've attached 2 patches in an effort to clarify the upper bounds on
> password lengths:
>     - 0001 refactors the hard-coded 100 character buffer size used for
>       password prompts for client utilities into a
>       PROMPT_MAX_PASSWORD_LENGTH macro in postgres_fe.h.
>     - 0002 is an attempt at documenting the password length
>       restrictions and suggested workarounds for longer passwords.

If we're going to do work in this area, why wouldn't we have the client
tools and the server agree on the max length and then have them all be
consistent..?

Seems odd to decide that 100 character buffer size in the clients makes
sense and then make the server support an 8k password.

I'm also trying to figure out why it makes sense to support an 8k
password and if we've really tried seeing what happens if pg_authid gets
a toast table that's actually used for passwords...

I'll note your patches neglected to include any tests...

Thanks!

Stephen
