Re: Maximum password length

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Alexander Kukushkin <cyberdemn@gmail.com>, bossartn@amazon.com, Stephen Frost <sfrost@snowman.net>, isaac.morland@gmail.com, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2020-09-02T00:58:23Z
Lists: pgsql-hackers

Attachments

I wrote:
> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>> ISTM that it's only going to be a matter of time before that will be 
>> exceeded.  Why have a limit at all?  Accept whatever StringInfo accepts.

> Hmm, that would require some refactoring of simple_prompt for starters.

To use StringInfo, we have to move sprompt.c into src/common/ where
the stringinfo stuff lives; but that seems fine to me, because it had
little if any business being in src/port/.  Here's a draft patch
that does it that way.

This could be refined; in particular, I think that most of the
password-prompting sites could drop their separate have_password
flags in favor of checking whether the password pointer is NULL
or not.  That would likely also prove that some of the free(password)
calls I sprinkled in are unnecessary.

			regards, tom lane

Commits

  1. Remove arbitrary restrictions on password length.

  2. Remove support for password_encryption='off' / 'plain'.