Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srPQ7-001EuR-Up for pgsql-hackers@arkaria.postgresql.org; Thu, 19 Sep 2024 22:14:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1srPQ5-0093dq-VG for pgsql-hackers@arkaria.postgresql.org; Thu, 19 Sep 2024 22:14:39 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srPQ5-0093ci-HB for pgsql-hackers@lists.postgresql.org; Thu, 19 Sep 2024 22:14:38 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1srPQ4-0004ec-BR for pgsql-hackers@postgresql.org; Thu, 19 Sep 2024 22:14:37 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 48JMEYMA2047354; Thu, 19 Sep 2024 18:14:34 -0400 From: Tom Lane To: Nathan Bossart cc: Alexander Lakhin , pgsql-hackers Subject: Re: Should rolpassword be toastable? In-reply-to: References: <89e8649c-eb74-db25-7945-6d6b23992394@gmail.com> <1284094.1695479962@sss.pgh.pa.us> <67793ae1-3adc-a6e0-0bb3-c23a28c0627a@gmail.com> <1986859.1726756275@sss.pgh.pa.us> Comments: In-reply-to Nathan Bossart message dated "Thu, 19 Sep 2024 16:52:02 -0500" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <2047352.1726784074.1@sss.pgh.pa.us> Date: Thu, 19 Sep 2024 18:14:34 -0400 Message-ID: <2047353.1726784074@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Nathan Bossart writes: > Oh, actually, I see that we are already validating the hash, but you can > create valid SCRAM-SHA-256 hashes that are really long. So putting an > arbitrary limit (patch attached) is probably the correct path forward. I'd > also remove pg_authid's TOAST table while at it. Shouldn't we enforce the limit in every case in encrypt_password, not just this one? (I do agree that encrypt_password is an okay place to enforce it.) I think you will get pushback from a limit of 256 bytes --- I seem to recall discussion of actual use-cases where people were using strings of a couple of kB. Whatever the limit is, the error message had better cite it explicitly. Also, the ereport call needs an errcode. ERRCODE_PROGRAM_LIMIT_EXCEEDED is probably suitable. regards, tom lane