Re: Maximum password length - Mailing list pgsql-hackers

From Alexander Kukushkin
Subject Re: Maximum password length
Msg-id CAFh8B=k6N5Y2nknTkmA9WmzbmSxOzb5WL8UAnvaBLK+FJn2w8w@mail.gmail.com
In response to Re: Maximum password length  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Maximum password length
List pgsql-hackers
On Sat, 13 Oct 2018 at 02:02, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Sure, but even a generated security token seems unlikely to be more
> than a couple dozen bytes long.  What's the actual use-case for tokens
> longer than that?  ISTM that a limit around 100 bytes already has a
> whole lot of headroom.

Self-contained tokens, for example JWT, could easily be longer than 100 bytes.
We at Zalando are using such tokens, and the usual size of a JWT token is
600-700 bytes.

It is not possible to "paste" such a token into the psql password prompt,
because the input is truncated to 100 bytes.
It is not possible to put it into ".pgpass" either, because it assumes
that a line cannot be longer than 320 bytes (64*5).

At the moment there are only two ways to use such tokens as a password:
1. export PGPASSWORD=very_long.token
2. specify the token (password) in the connection URL

Regards,
--
Alexander Kukushkin
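
An added example, not part of the original message: it builds an HS256 JWT from constructed claims and checks it against the two limits quoted above (100 bytes at the psql prompt, 320 bytes per ".pgpass" line), showing that a token cut at the prompt limit no longer verifies. The key, claims, host, database and user names are assumptions made up for the illustration.

```python
import base64
import hashlib
import hmac
import json

PROMPT_LIMIT = 100       # psql password prompt limit, as stated in the post
PGPASS_LINE_LIMIT = 320  # .pgpass line limit, as stated in the post (64*5)

# Constructed sample data: the key and every claim value are made up.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.internal/oauth2",
    "sub": "svc_app",
    "aud": ["postgresql://db.example.internal:5432/app"],
    "iat": 1539400000,
    "exp": 1539403600,
    "scope": ["db.connect", "db.read", "db.write", "db.schema.migrate"],
    "groups": ["team-a-engineering", "team-a-oncall", "dba-readonly"],
    "jti": "00000000-0000-4000-8000-000000000000",
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _sign(signing_input, key):
    return _b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def make_jwt(claims, key):
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + _sign(signing_input, key)

def verify_jwt(token, key):
    head, sep, sig = token.rpartition(".")
    # A token cut short loses its signature segment, so it can never verify.
    if not sep or head.count(".") != 1:
        return False
    return hmac.compare_digest(_sign(head, key).encode(), sig.encode())

def check_channels(token, key, host="db.example.internal", port=5432,
                   db="app", user="svc_app"):  # hypothetical connection names
    line = f"{host}:{port}:{db}:{user}:{token}"  # .pgpass field order
    size = len(token.encode())
    return {"token_bytes": size,
            "fits_prompt": size <= PROMPT_LIMIT,
            "fits_pgpass_line": len(line.encode()) <= PGPASS_LINE_LIMIT,
            "intact_verifies": verify_jwt(token, key),
            "prompt_truncated_verifies": verify_jwt(token[:PROMPT_LIMIT], key)}

if __name__ == "__main__":
    print(check_channels(make_jwt(SAMPLE_CLAIMS, SAMPLE_KEY), SAMPLE_KEY))
```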

