| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Cc: | Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, bossartn(at)amazon(dot)com, Stephen Frost <sfrost(at)snowman(dot)net>, isaac(dot)morland(at)gmail(dot)com |
| Subject: | Re: Maximum password length |
| Date: | 2020-09-01 18:36:24 |
| Message-ID: | 143437.1598985384@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I wrote:
> Note this patch is intended to be applied over my patch at [2],
> since it modifies the test case added there.
I've now pushed that patch, so the patch in my previous mail should
directly apply to HEAD.
I'd originally been wondering whether we need to back-patch this patch.
But unless someone wants to make a case for the max password length
being more than 1024, it seems like this is mostly cleanup and could
just be done in HEAD. At 1024, the actual behavior of pg_saslprep()
isn't changing at all, and the behavior of recv_password_packet() isn't
changing by much. The real impact is just that the places that prompt
for a password will accept passwords up to 1K instead of 100 bytes.
Which, TBH, seems like neatnik-ism rather than fixing anything useful.
Surely nobody is going to manually enter passwords exceeding 100 bytes.
And, since simple_prompt insists on reading /dev/tty not stdin, there
is no very easy way to pass a machine-generated password through that
code path. The practical ways to deal with a long password are either
to set it as PGPASSWORD (has always worked) or put it in .pgpass
(works as of now).
Anyway, I added this thread to the upcoming CF, in case anyone wants to
discuss it further.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Dilger | 2020-09-01 19:00:35 | Re: factorial function/phase out postfix operators? |
| Previous Message | Alvaro Herrera | 2020-09-01 18:15:27 | Re: ALTER TABLE .. DETACH PARTITION CONCURRENTLY |