Home > mailing lists

Increase limit on max length of the password( pg versions < 14) - Mailing list pgsql-hackers

From	mahendrakar s
Subject	Increase limit on max length of the password( pg versions < 14)
Date	July 18, 2023 12:30:25
Msg-id	CABkiuWpN16CT-j81AdzV63zwR8nX3EAeV1rU2nsNiU9+7oLEkQ@mail.gmail.com Whole thread Raw
Responses	Re: Increase limit on max length of the password( pg versions < 14) Re: Increase limit on max length of the password( pg versions < 14)
List	pgsql-hackers

Tree view

Hi hackers,

We have encountered an issue (invalid message length) when the
password length is > 1000 in pg 11,12,13 versions. This is due to the
limit(1000) on the max length of the password. In this case the
password is an access token(JWT) which can have varied  lengths >
1000. I see that this is already handled for GSS and SSPI
authentication tokens where the maximum accepted size is 65535.

This is not the case with pg versions >=14 as the limit on max length
is 65535(this change was added as part of sanity checks[1]).

So we have two options:
1. Backport patch[1] to 11,12,13
2. Change ONLY the limit on the max length of the password(my patch attached).

Please let me know your thoughts.

Thanks,
Mahendrakar.

[1]: https://www.postgresql.org/message-id/flat/2003757.1619373089%40sss.pgh.pa.us

Attachment

v1-0001-Increase-limit-for-max-length-of-the-password.patch

pgsql-hackers by date:

From: Amit Langote
Date: 18 July 2023, 12:11:06
Subject: Re: remaining sql/json patches

From: Amit Kapila
Date: 18 July 2023, 12:34:35
Subject: Re: doc: improve the restriction description of using indexes on REPLICA IDENTITY FULL table.

Increase limit on max length of the password( pg versions < 14) - Mailing list pgsql-hackers

Attachment

Previous

Next