| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Cc: | Fujii Masao <fujii(at)postgresql(dot)org> |
| Subject: | Remove line length restriction in passwordFromFile() |
| Date: | 2020-08-31 21:24:01 |
| Message-ID: | 4187382.1598909041@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Per the discussion at [1], we're now aware of actual use-cases for
password strings approaching a kilobyte in length. I think this puts
the final nail in the coffin of the idea that passwordFromFile() can
use a fixed-length line buffer. Therefore, commit 2eb3bc588 (which
added a warning for overlength lines) seems rather misguided in
hindsight. What we should do instead is fix that code so it has no
hard upper bound on the line length. Even if you want to say that
we'll set a particular limit on how long the password field can be,
there's no good upper bound for the length of the hostname field;
so ISTM that just getting out of the business of a fixed-size buffer
is the sanest way.
Hence, the attached proposed patch does that, and for good measure
adds some testing of this formerly untested code.
Since we now have an actual user complaint, I'm inclined to back-patch
this all the way.
As noted in the other thread, there may be some other changes needed
to support long passwords, but this is clearly required.
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| remove-fixed-buffer-in-passwordFromFile.patch | text/x-diff | 5.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2020-08-31 21:36:40 | Re: ALTER SYSTEM between upgrades |
| Previous Message | Peter Geoghegan | 2020-08-31 20:56:36 | Re: Boundary value check in lazy_tid_reaped() |