Re: Should rolpassword be toastable?
Jonathan S. Katz <jkatz@postgresql.org>
From: "Jonathan S. Katz" <jkatz@postgresql.org>
To: Michael Paquier <michael@paquier.xyz>,
Nathan Bossart <nathandbossart@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Alexander Lakhin <exclusion@gmail.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-20T14:06:28Z
Lists: pgsql-hackers
On 9/20/24 1:23 AM, Michael Paquier wrote: > On Thu, Sep 19, 2024 at 09:46:00PM -0500, Nathan Bossart wrote: >> On Thu, Sep 19, 2024 at 07:37:55PM -0400, Jonathan S. Katz wrote: >>>> Shouldn't we enforce the limit in every case in encrypt_password, >>>> not just this one? (I do agree that encrypt_password is an okay >>>> place to enforce it.) >> >> Yeah, that seems like a good idea. I've attached a more fleshed-out patch >> set that applies the limit in all cases. > > Not sure. Is this really something we absolutely need? Sure, this > generates a better error when inserting a record too long to > pg_authid, but removing the toast relation is enough to avoid the > problems one would see when authenticating. Not sure if this argument > is enough to count as an objection, just sharing some doubts :) The errors from lack of TOAST are confusing to users. Why can't we have a user friendly error here? Jonathan
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited