Re: Maximum password length
Alexander Kukushkin <cyberdemn@gmail.com>
From: Alexander Kukushkin <cyberdemn@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: bossartn@amazon.com, Stephen Frost <sfrost@snowman.net>,
isaac.morland@gmail.com, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-10-13T12:27:55Z
Lists: pgsql-hackers
On Sat, 13 Oct 2018 at 02:02, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Sure, but even a generated security token seems unlikely to be more > than a couple dozen bytes long. What's the actual use-case for tokens > longer than that? ISTM that a limit around 100 bytes already has a > whole lot of headroom. Self-containing tokens, for example JWT, could be easily longer than 100 bytes. We at Zalando are using such tokens and the usual size of JWT token is 600-700 bytes. It is not possible to "paste" such token into psql password prompt, because the input is truncated by 100 bytes. It is not possible to put it into ".pgpass" either, because it assumes that line could not be longer than 320 bytes (64*5) At the moment there are only two ways to use such tokens as a password: 1. export PGPASSWORD=very_long.token 2. specify the token(password) in the connection url Regards, -- Alexander Kukushkin
Commits
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 landed
-
Remove support for password_encryption='off' / 'plain'.
- eb61136dc75a 10.0 cited