Re: Should rolpassword be toastable?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Alexander Lakhin <exclusion@gmail.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-19T22:14:34Z
Lists: pgsql-hackers
Nathan Bossart <nathandbossart@gmail.com> writes: > Oh, actually, I see that we are already validating the hash, but you can > create valid SCRAM-SHA-256 hashes that are really long. So putting an > arbitrary limit (patch attached) is probably the correct path forward. I'd > also remove pg_authid's TOAST table while at it. Shouldn't we enforce the limit in every case in encrypt_password, not just this one? (I do agree that encrypt_password is an okay place to enforce it.) I think you will get pushback from a limit of 256 bytes --- I seem to recall discussion of actual use-cases where people were using strings of a couple of kB. Whatever the limit is, the error message had better cite it explicitly. Also, the ereport call needs an errcode. ERRCODE_PROGRAM_LIMIT_EXCEEDED is probably suitable. regards, tom lane
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited