| From: | "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: ProcessStartupPacket(): database_name and user_name truncation |
| Date: | 2023-07-01 14:02:06 |
| Message-ID: | 230a77dd-808b-0bb3-9008-7c9db3fddf25@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 6/30/23 7:32 PM, Drouvot, Bertrand wrote:
> Hi,
>
> On 6/30/23 5:54 PM, Tom Lane wrote:
>> Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
>>> After taking another look at this, I wonder if it'd be better to fail as
>>> soon as we see the database or user name is too long instead of lugging
>>> them around when authentication is destined to fail.
>>
>> If we're agreed that we aren't going to truncate these identifiers,
>> that seems like a reasonable way to handle it.
>>
>
> Yeah agree, thanks Nathan for the idea.
> I'll work on a new patch version proposal.
>
Please find V2 attached where it's failing as soon as the database name or
user name are detected as overlength.
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Reject-incoming-username-and-database-name-in-cas.patch | text/plain | 1.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joseph Koshakow | 2023-07-01 15:33:51 | Re: Preventing non-superusers from altering session authorization |
| Previous Message | Tomas Vondra | 2023-07-01 13:40:47 | possible bug in handling of contrecords in dd38ff28ad (Fix recovery_prefetch with low maintenance_io_concurrency) |