Re: Should rolpassword be toastable?
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: "Jonathan S. Katz" <jkatz@postgresql.org>
Cc: Michael Paquier <michael@paquier.xyz>, Tom Lane <tgl@sss.pgh.pa.us>, Alexander Lakhin <exclusion@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-09-20T16:09:51Z
Lists: pgsql-hackers
Attachments
- v3-0001-place-limit-on-password-hash-length.patch (text/plain)
On Fri, Sep 20, 2024 at 10:06:28AM -0400, Jonathan S. Katz wrote: > On 9/20/24 1:23 AM, Michael Paquier wrote: >> Not sure. Is this really something we absolutely need? Sure, this >> generates a better error when inserting a record too long to >> pg_authid, but removing the toast relation is enough to avoid the >> problems one would see when authenticating. Not sure if this argument >> is enough to count as an objection, just sharing some doubts :) > > The errors from lack of TOAST are confusing to users. Why can't we have a > user friendly error here? If I wanted to argue against adding a user-friendly error, I'd point out that it's highly unlikely anyone is actually trying to use super long hashes unless they are trying to break things, and it's just another arbitrary limit that we'll need to maintain/enforce. But on the off-chance that someone is building a custom driver that generates long hashes for whatever reason, I'd imagine that a clear error would be more helpful than "row is too big." Here is a v3 patch set that fixes the test comment and a compiler warning in cfbot. -- nathan
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited