Re: ProcessStartupPacket(): database_name and user_name truncation
Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
From: "Drouvot, Bertrand" <bertranddrouvot.pg@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Nathan Bossart <nathandbossart@gmail.com>
Cc: Michael Paquier <michael@paquier.xyz>,
Kyotaro Horiguchi <horikyota.ntt@gmail.com>,
pgsql-hackers@lists.postgresql.org
Date: 2023-07-01T14:02:06Z
Lists: pgsql-hackers
Attachments
- v2-0001-Reject-incoming-username-and-database-name-in-cas.patch (text/plain) patch v2-0001
Hi, On 6/30/23 7:32 PM, Drouvot, Bertrand wrote: > Hi, > > On 6/30/23 5:54 PM, Tom Lane wrote: >> Nathan Bossart <nathandbossart@gmail.com> writes: >>> After taking another look at this, I wonder if it'd be better to fail as >>> soon as we see the database or user name is too long instead of lugging >>> them around when authentication is destined to fail. >> >> If we're agreed that we aren't going to truncate these identifiers, >> that seems like a reasonable way to handle it. >> > > Yeah agree, thanks Nathan for the idea. > I'll work on a new patch version proposal. > Please find V2 attached where it's failing as soon as the database name or user name are detected as overlength. Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
Commits
-
Don't truncate database and user names in startup packets.
- 562bee0fc13d 17.0 landed