Re: Maximum password length

On 8/31/20, 5:55 PM, "Tom Lane" <tgl@sss.pgh.pa.us> wrote:
> I set the proposed limit at 1024 bytes, but given that we now know
> of use-cases needing up to 800 bytes, maybe there should be a little
> more headroom?  I don't want to make it enormous, though, seeing that
> we're allocating static buffers of that size.

For the use-case described in [0], I ended up bumping the server-side
limit in libpq/auth.c to 8192 bytes for RDS instances.  This appears
to be the PqRecvBuffer size, too.  In any case, these tokens regularly
exceed 1024 bytes, so I would definitely argue for more headroom if
possible.  Otherwise, I like the idea of unifying all the limits.

Nathan

[0] https://www.postgresql.org/message-id/flat/CAOhmDze1nqG2vfegpSsTFCgaiFRsqgjO6yLsbmhroz2zGmJHog%40mail.gmail.com