Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swY83-004SbR-Hm for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Oct 2024 02:33:16 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1swY81-008S42-TU for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Oct 2024 02:33:13 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swY81-008S3u-KA for pgsql-hackers@lists.postgresql.org; Fri, 04 Oct 2024 02:33:13 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swY7x-002RN1-Lk; Fri, 04 Oct 2024 02:33:13 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 4942X49E510908; Thu, 3 Oct 2024 22:33:04 -0400 From: Tom Lane To: "Jonathan S. Katz" cc: Jacob Champion , Nathan Bossart , Michael Paquier , Alexander Lakhin , pgsql-hackers Subject: Re: Should rolpassword be toastable? In-reply-to: References: <2047353.1726784074@sss.pgh.pa.us> <0a9b7f96-aa2f-41eb-8e69-62f7990ebf74@postgresql.org> <0d8f3541-13f4-4194-8dca-bae881cf1a9a@postgresql.org> <2445149.1726849661@sss.pgh.pa.us> <465160.1727991546@sss.pgh.pa.us> <473657.1727994294@sss.pgh.pa.us> Comments: In-reply-to "Jonathan S. Katz" message dated "Thu, 03 Oct 2024 22:17:31 -0400" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <510906.1728009184.1@sss.pgh.pa.us> Date: Thu, 03 Oct 2024 22:33:04 -0400 Message-ID: <510907.1728009184@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk "Jonathan S. Katz" writes: > I think Tom's initial suggestion (BLCKSZ/2) is better than 256, given we > really don't know what' out there in the wild, and this could end up > being a breaking change. Every other type in pg_authid is pretty small. I'm having second thoughts about that though, based on the argument that we don't really want a platform-dependent limit here. Admittedly, nobody changes BLCKSZ on production systems, but it's still theoretically an issue. I don't have a problem with selecting a larger limit such as 512 or 1024 though. > That said, I'm also imagining other things we may add that could require > TOAST support (remembering previous passwords? storing multiple > passwords options)? Things like previous passwords probably don't need to be accessed during authentication, so there are at least a couple of ways we could do that: * put the previous passwords in an auxiliary table; * put back pg_authid's toast table, but mark rolpassword as "STORAGE MAIN" so it doesn't go to toast, while letting columns that don't need to be touched at startup go there. However, if you wanted to allow multiple passwords I'm not sure about a good way. regards, tom lane