Re: Should rolpassword be toastable?
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: "Jonathan S. Katz" <jkatz@postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>, Alexander Lakhin <exclusion@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-20T05:23:58Z
Lists: pgsql-hackers
On Thu, Sep 19, 2024 at 09:46:00PM -0500, Nathan Bossart wrote: > On Thu, Sep 19, 2024 at 07:37:55PM -0400, Jonathan S. Katz wrote: >>> Shouldn't we enforce the limit in every case in encrypt_password, >>> not just this one? (I do agree that encrypt_password is an okay >>> place to enforce it.) > > Yeah, that seems like a good idea. I've attached a more fleshed-out patch > set that applies the limit in all cases. Not sure. Is this really something we absolutely need? Sure, this generates a better error when inserting a record too long to pg_authid, but removing the toast relation is enough to avoid the problems one would see when authenticating. Not sure if this argument is enough to count as an objection, just sharing some doubts :) Removing the toast relation for pg_authid sounds good to me. > -- These are the toast table and index of pg_authid. > -REINDEX TABLE CONCURRENTLY pg_toast.pg_toast_1260; -- no catalog toast table > +REINDEX TABLE CONCURRENTLY pg_toast.pg_toast_1262; -- no catalog toast table > ERROR: cannot reindex system catalogs concurrently > -REINDEX INDEX CONCURRENTLY pg_toast.pg_toast_1260_index; -- no catalog toast index > +REINDEX INDEX CONCURRENTLY pg_toast.pg_toast_1262_index; -- no catalog toast index This comment should be refreshed as of s/pg_authid/pg_database/. -- Michael
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited