Re: Maximum password length
| От | Tom Lane |
|---|---|
| Тема | Re: Maximum password length |
| Дата | |
| Msg-id | 29496.1539388920@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Maximum password length ("Bossart, Nathan" <bossartn@amazon.com>) |
| Ответы |
Re: Maximum password length
Re: Maximum password length |
| Список | pgsql-hackers |
"Bossart, Nathan" <bossartn@amazon.com> writes:
> On 10/12/18, 4:24 PM, "Stephen Frost" <sfrost@snowman.net> wrote:
>> Specific use-cases here would be better than hand-waving at "these other
>> things." Last I checked, all of those work with what we've got today
>> and I don't recall hearing complaints about them not working due to this
>> limit.
> The main one I am thinking of is generated security tokens. It seems
> reasonable to me to limit md5 and scram-sha-256 passwords to a much
> shorter length, but I think the actual server message limit should be
> somewhat more flexible.
Sure, but even a generated security token seems unlikely to be more
than a couple dozen bytes long. What's the actual use-case for tokens
longer than that? ISTM that a limit around 100 bytes already has a
whole lot of headroom.
regards, tom lane
В списке pgsql-hackers по дате отправления: