From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "isaac(dot)morland(at)gmail(dot)com" <isaac(dot)morland(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Maximum password length |
Date: | 2020-09-03 21:07:24 |
Message-ID: | 770569.1599167244@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
"Bossart, Nathan" <bossartn(at)amazon(dot)com> writes:
> On 9/3/20, 10:19 AM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> + char pwdbuf[8192];
> If I am reading correctly, this would be the only defined password
> length limit once this patch is applied. While it's probably unlikely
> that this will cause problems for anybody anytime soon, is there any
> reason not to give this the same treatment as the .pgpass code and
> remove the line length limit altogether?
Yeah, it just didn't quite seem worthwhile there, given the adjacent
comment that clearly says that this is second-class-citizen code:
* Ideally this should insist that the file not be world-readable.
* However, this option is mainly intended for use on Windows where
* file permissions may not exist at all, so we'll skip the paranoia
* for now.
If you insist, I'll change it, but it seems even less likely to ever
matter to anybody than the changes to make simple_prompt accept
indefinitely long passwords. (Perhaps a reasonable compromise
is to extend this comment to note that we're also not bothering
to support indefinitely long passwords.)
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2020-09-03 21:21:52 | report expected contrecord size |
Previous Message | Alvaro Herrera | 2020-09-03 21:07:10 | Re: Parallel worker hangs while handling errors. |