Re: Should rolpassword be toastable?
From | Tom Lane |
---|---|
Subject | Re: Should rolpassword be toastable? |
Date | |
Msg-id | 2047353.1726784074@sss.pgh.pa.us |
In response to | Should rolpassword be toastable? (Alexander Lakhin <exclusion@gmail.com>) |
List | pgsql-hackers |
Nathan Bossart <nathandbossart@gmail.com> writes:
> Oh, actually, I see that we are already validating the hash, but you can
> create valid SCRAM-SHA-256 hashes that are really long. So putting an
> arbitrary limit (patch attached) is probably the correct path forward. I'd
> also remove pg_authid's TOAST table while at it.

Shouldn't we enforce the limit in every case in encrypt_password, not just this one? (I do agree that encrypt_password is an okay place to enforce it.)

I think you will get pushback from a limit of 256 bytes --- I seem to recall discussion of actual use-cases where people were using strings of a couple of kB.

Whatever the limit is, the error message had better cite it explicitly.

Also, the ereport call needs an errcode. ERRCODE_PROGRAM_LIMIT_EXCEEDED is probably suitable.

regards, tom lane