Re: Should rolpassword be toastable?
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Jonathan S. Katz" <jkatz@postgresql.org>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
Nathan Bossart <nathandbossart@gmail.com>,
Michael Paquier <michael@paquier.xyz>,
Alexander Lakhin <exclusion@gmail.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-10-04T02:33:04Z
Lists: pgsql-hackers
"Jonathan S. Katz" <jkatz@postgresql.org> writes: > I think Tom's initial suggestion (BLCKSZ/2) is better than 256, given we > really don't know what' out there in the wild, and this could end up > being a breaking change. Every other type in pg_authid is pretty small. I'm having second thoughts about that though, based on the argument that we don't really want a platform-dependent limit here. Admittedly, nobody changes BLCKSZ on production systems, but it's still theoretically an issue. I don't have a problem with selecting a larger limit such as 512 or 1024 though. > That said, I'm also imagining other things we may add that could require > TOAST support (remembering previous passwords? storing multiple > passwords options)? Things like previous passwords probably don't need to be accessed during authentication, so there are at least a couple of ways we could do that: * put the previous passwords in an auxiliary table; * put back pg_authid's toast table, but mark rolpassword as "STORAGE MAIN" so it doesn't go to toast, while letting columns that don't need to be touched at startup go there. However, if you wanted to allow multiple passwords I'm not sure about a good way. regards, tom lane
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited