On 7/18/23 11:30, mahendrakar s wrote:
> Hi hackers,
>
> We have encountered an issue (invalid message length) when the
> password length is > 1000 in pg 11,12,13 versions. This is due to the
> limit(1000) on the max length of the password. In this case the
> password is an access token(JWT) which can have varied lengths >
> 1000. I see that this is already handled for GSS and SSPI
> authentication tokens where the maximum accepted size is 65535.
>
> This is not the case with pg versions >=14 as the limit on max length
> is 65535(this change was added as part of sanity checks[1]).
>
> So we have two options:
> 1. Backport patch[1] to 11,12,13
> 2. Change ONLY the limit on the max length of the password(my patch attached).
>
> Please let me know your thoughts.
The third option is to upgrade.
--
Vik Fearing