> On 22 Nov 2023, at 14:30, Aleksander Alekseev <aleksander@timescale.com> wrote:
>
> Hi,
>
>> When the scram_iterations value is set too large, the backend would hang for
>> a long time. And we can't use Ctrl+C to cancel this query, cause the loop don't
>> process signal interrupts.
>>
>> Add CHECK_FOR_INTERRUPTS within the loop of scram_SaltedPassword
>> to handle any signals received during this period may be a good choice.
>>
>> I wrote a patch to solve this problem. What's your suggestions?
>
> Thanks for the patch.
>
> It sort of makes sense. I wonder though if we should limit the maximum
> number of iterations instead. If somebody specified 1_000_000+
> iteration this could also indicate a user error.
I don't think it would be useful to limit this at an arbitrary point, iteration
count can be set per password and if someone want a specific password to be
super-hard to brute force then why should we limit that?
> If we want to add CHECK_FOR_INTERRUPTS inside the loop I think a brief
> comment would be appropriate.
Agreed, it would be helpful.
--
Daniel Gustafsson
