Re: Should rolpassword be toastable?
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: "Jonathan S. Katz" <jkatz@postgresql.org>, Jacob Champion <jacob.champion@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, Alexander Lakhin <exclusion@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-10-04T14:47:56Z
Lists: pgsql-hackers
On Thu, Oct 03, 2024 at 10:33:04PM -0400, Tom Lane wrote: > "Jonathan S. Katz" <jkatz@postgresql.org> writes: >> I think Tom's initial suggestion (BLCKSZ/2) is better than 256, given we >> really don't know what' out there in the wild, and this could end up >> being a breaking change. Every other type in pg_authid is pretty small. > > I'm having second thoughts about that though, based on the argument > that we don't really want a platform-dependent limit here. > Admittedly, nobody changes BLCKSZ on production systems, but it's > still theoretically an issue. I don't have a problem with selecting > a larger limit such as 512 or 1024 though. Since BLCKSZ can be as low as 1024, I think 512 would be a good choice. > However, if you wanted to allow multiple passwords I'm not > sure about a good way. The most recent proposal I'm aware of [0] did seem to target that use-case. One option might be to move rolpassword to a different catalog. In any case, I don't think it matters much for the patch at hand. [0] https://postgr.es/m/CAGB%2BVh5SQQorNDEKP%2B0G%3DsmxHRhbhs%2BVkmQWD5Vh98fmn8X4dg%40mail.gmail.com -- nathan
Commits
-
Restrict password hash length.
- 8275325a06ed 18.0 landed
-
Remove pg_authid's TOAST table.
- 6aa44060a3c9 18.0 landed
-
Remove arbitrary restrictions on password length.
- 67a472d71c98 14.0 cited