Minor issues in .pgpass - Mailing list pgsql-hackers

From Fujii Masao
Subject Minor issues in .pgpass
Date
Msg-id c0f0c01c-fa74-9749-2084-b73882fd5465@oss.nttdata.com
Responses Re: Minor issues in .pgpass  (Daniel Gustafsson <daniel@yesql.se>)
Re: Minor issues in .pgpass  (David Fetter <david@fetter.org>)
List pgsql-hackers
Hi,

When I was researching the maximum length of password in PostgreSQL
to answer the question from my customer, I found that there are two
minor issues in .pgpass file.

(1) If the length of a line in .pgpass file is larger than 319B,
        libpq silently treats each 319B in the line as a separate
        setting line.

(2) The document explains that a line beginning with # is treated
        as a comment in .pgpass. But as far as I read the code,
        there is no code doing such special handling. Whether a line
        begins with # or not, libpq just checks that the first token
        in the line matches the host. That is, if you try to connect
        to the host with the hostname beginning with #,
        it can match to the line beginning with # in .pgpass.

        Also if the length of that "comment" line is larger than 319B,
        the latter part of the line can be treated as valid setting.

You may think that these unexpected behaviors are not so harmful
in practice because "usually" the length of password setting line is
less than 319B and the hostname beginning with # is less likely to be
used. But the problem exists. And there are people who want to use
large password or to write a long comment (e.g., with multibyte
characters like Japanese) in .pgpass, so these may be more harmful
in the near future.

For (1), I think that we should make libpq warn if the length of a line
is larger than 319B, and throw away the remaining part beginning from
320B position. Whether to enlarge the length of a line should be
a separate discussion, I think.

For (2), libpq should treat any lines beginning with # as comments.

I've not created the patch yet, but will do so if we reach
a consensus.

Regards,

-- 
Fujii Masao
NTT DATA CORPORATION
Advanced Platform Technology Group
Research and Development Headquarters
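
The reading behaviour described in (1) and (2), next to the handling proposed for them, as an added example that is not part of the original message and is not libpq's code. It assumes a 320-byte fgets() buffer (which yields the 319B chunks mentioned above); the function names, hosts and credentials are constructed.

```c
#include <stdio.h>
#include <string.h>

#define LINELEN 320 /* assumption: fgets() buffer size behind the 319B chunks */
/* Returns 1 if a setting line has `host` as its first ':'-separated token (literal
 * compare only). strict=0: every fgets() chunk is a setting line, as the mail describes.
 * strict=1: as proposed; '#' lines are comments, overlong tails dropped and counted. */
static int pgpass_has_host(FILE *fp, const char *host, int strict, int *overlong)
{
    char buf[LINELEN];
    size_t hlen = strlen(host);
    int found = 0;
    *overlong = 0;
    rewind(fp);
    while (fgets(buf, sizeof(buf), fp) != NULL) {
        size_t len = strlen(buf);
        if (strict && len > 0 && buf[len - 1] != '\n') {
            int c, extra = 0; /* line did not fit: drop up to the newline */
            while ((c = fgetc(fp)) != EOF && c != '\n')
                extra = 1;
            *overlong += extra; /* this is where a warning would be issued */
        }
        if (strict && buf[0] == '#') continue; /* comment line */
        if (strncmp(buf, host, hlen) == 0 && buf[hlen] == ':') found = 1;
    }
    return found;
}

/* Constructed sample: a 319-byte "comment" followed on the same line by a setting. */
static FILE *sample_pgpass(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs("#h:", fp);
    for (int i = 0; i < 316; i++) fputc('x', fp);
    fputs("db.example:5432:app:alice:secret\n", fp);
    fputs("other.example:5432:app:bob:pw\n", fp);
    return fp;
}

int main(void)
{
    int n;
    FILE *fp = sample_pgpass();
    if (fp == NULL) return 1;
    printf("as described: %d\n", pgpass_has_host(fp, "db.example", 0, &n));
    printf("as proposed:  %d\n", pgpass_has_host(fp, "db.example", 1, &n));
    return 0;
}
```

With strict=0 the tail of the overlong comment line matches `db.example`, and the comment line itself matches a host named `#h`; with strict=1 neither matches and the overlong line is counted once.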
