pgsql: Restrict password hash length.
| От | Nathan Bossart |
|---|---|
| Тема | pgsql: Restrict password hash length. |
| Дата | |
| Msg-id | E1sxq6V-002ZDJ-Go@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Restrict password hash length. Commit 6aa44060a3 removed pg_authid's TOAST table because the only varlena column is rolpassword, which cannot be de-TOASTed during authentication because we haven't selected a database yet and cannot read pg_class. Since that change, attempts to set password hashes that require out-of-line storage will fail with a "row is too big" error. This error message might be confusing to users. This commit places a limit on the length of password hashes so that attempts to set long password hashes will fail with a more user-friendly error. The chosen limit of 512 bytes should be sufficient to avoid "row is too big" errors independent of BLCKSZ, but it should also be lenient enough for all reasonable use-cases (or at least all the use-cases we could imagine). Reviewed-by: Tom Lane, Jonathan Katz, Michael Paquier, Jacob Champion Discussion: https://postgr.es/m/89e8649c-eb74-db25-7945-6d6b23992394%40gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/8275325a06ed91c053e046422a193dc6d56a70c5 Modified Files -------------- src/backend/libpq/crypt.c | 60 ++++++++++++++++++++++++---------- src/include/libpq/crypt.h | 10 ++++++ src/test/regress/expected/password.out | 7 ++++ src/test/regress/sql/password.sql | 4 +++ 4 files changed, 63 insertions(+), 18 deletions(-)
В списке pgsql-committers по дате отправления: