Re: Maximum password length

Hi Stephen,

On 10/12/18, 3:52 PM, "Stephen Frost" <sfrost@snowman.net> wrote:
> If we're going to do work in this area, why wouldn't we have the client
> tools and the server agree on the max length and then have them all be
> consistent..?
> 
> Seems odd to decide that 100 character buffer size in the clients makes
> sense and then make the server support an 8k password.

I considered this but wondered if expanding the buffers over 80x was
too intrusive or if the 100 character limit had some historical
purpose.  I'm happy to align everything if desired.

> I'm also trying to figure out why it makes sense to support an 8k
> password and if we've really tried seeing what happens if pg_authid gets
> a toast table that's actually used for passwords...

Since v10+ always stores passwords encrypted [0], I don't think it
will require a TOAST table.

> I'll note your patches neglected to include any tests...

I will look into adding tests.  I've also been told that there may be
some limits for the .pgpass file, so I am looking into that as well.

Nathan

[0] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=eb61136dc75a76caef8460fa939244d8593100f2