public inbox for [email protected]  
help / color / mirror / Atom feed
From: Jonathan S. Katz <[email protected]>
To: Tom Lane <[email protected]>
To: Nathan Bossart <[email protected]>
Cc: Alexander Lakhin <[email protected]>
Cc: pgsql-hackers <[email protected]>
Subject: Re: Should rolpassword be toastable?
Date: Thu, 19 Sep 2024 19:37:55 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<Zuwzp09o9uiG0f0F@nathan>
	<[email protected]>
	<ZuxjAIOJ4GSa34KC@nathan>
	<ZuydAj4nrt4cpGU5@nathan>
	<[email protected]>

On 9/19/24 6:14 PM, Tom Lane wrote:
> Nathan Bossart <[email protected]> writes:
>> Oh, actually, I see that we are already validating the hash, but you can
>> create valid SCRAM-SHA-256 hashes that are really long. 

You _can_, but it's up to a driver or a very determined user to do this, 
as it involves creating a very long salt.

>  So putting an
>> arbitrary limit (patch attached) is probably the correct path forward.  I'd
>> also remove pg_authid's TOAST table while at it.
> 
> Shouldn't we enforce the limit in every case in encrypt_password,
> not just this one?  (I do agree that encrypt_password is an okay
> place to enforce it.)

+1; if there's any breakage, my guess is it would be on very long 
plaintext passwords, but that would be from a very old upgrade?

> I think you will get pushback from a limit of 256 bytes --- I seem
> to recall discussion of actual use-cases where people were using
> strings of a couple of kB.  Whatever the limit is, the error message
> had better cite it explicitly.

I think it's OK to be a bit generous with the limit. Also, currently oru 
hashes are 256-bit (I know the above says byte), but this could increase 
should we support larger hashes.

> Also, the ereport call needs an errcode.
> ERRCODE_PROGRAM_LIMIT_EXCEEDED is probably suitable.

Jonathan


Attachments:

  [application/pgp-signature] OpenPGP_signature.asc (840B, ../[email protected]/2-OpenPGP_signature.asc)
  download

view thread (6+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Should rolpassword be toastable?
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox