Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swU8D-0044Pt-1a for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Oct 2024 22:17:09 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1swU8C-005ALj-Dg for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Oct 2024 22:17:08 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swU8C-005ALb-2F for pgsql-hackers@lists.postgresql.org; Thu, 03 Oct 2024 22:17:08 +0000 Received: from mail-yw1-x112a.google.com ([2607:f8b0:4864:20::112a]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1swU88-002PjX-6t; Thu, 03 Oct 2024 22:17:07 +0000 Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-6e2598a0070so14473637b3.1; Thu, 03 Oct 2024 15:17:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727993824; x=1728598624; darn=postgresql.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=prbAIHdB4rQWdTvbhwekHZ+VS6nBptiVo4d5YjuV0So=; b=S/iocAuHNDWaXactUGsFe9r3yJwGd9PwKIDPqVxrVR7QB4zTGaXywcPpcyuYSXKb95 MGf21Bo01uM4QQ+QX740P3lDOCcdNrTbCOPidycDvaJTJNq839/JLmRZXaP7HkYJsXon DExs7iERqQREgZlV9U7TSZirnaHb4tSOKjNrLLJCCX+RbaEc+nmWl8JchbT2b34s01KI ovYxy6BxerO4E51fBYSB8ZMsxEemSBkQOVNMGfe34aAylIqSytNO9/zHo8HWX8lEg/2E GxDig9KVoUMkFrKh+l+X2Jr3agbgYOpEF3PCHAm+h78IjElFc8OcH7R6+DvjqaY0pG+w 0qXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727993824; x=1728598624; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=prbAIHdB4rQWdTvbhwekHZ+VS6nBptiVo4d5YjuV0So=; b=hWViCtB2fKzzRm6F/7n0ncp6GIHpPY+pmDYbc/FvXG+JRLzBUOSQd7hsnvM69KJYwU qM4tSpJsr3/fRsF4q//dOqsNOKUM5oXfT36iHzRZQF1mPJ2qBkmxDmG3M3zcta4bo7/8 Ui5+zbkjZieVK1CJRnINmM81w7FCoRKivmc6RuDwvQeURo3aOXLSWwynykJmDDt5AuZ1 G4UES4V9IH2wc0JXvPL07lQVI5q+f/2EFIDqTp078qbulbknfjoItiphG8JTqstcx4Y2 ZpEfBEPLHObER9i/M845sG1REOFGkxGqxjuH2M0yIBj8SyGWacSoEAaFXuGqxeVggWUg Kmdw== X-Forwarded-Encrypted: i=1; AJvYcCVmDuOm7BMSFzT4irVR6Pz0JOD4/+PSsc1Uuv5llEE5mrH2cp+ob+3uDOvy5M7osjHG4FSUmGh/2MRh6hU8@postgresql.org X-Gm-Message-State: AOJu0Yy6AHdyfGfXvNrjcU/IIes+WQiFO3+a8wJ92y4LiEJxNjLKAe9J 4vPwWJwZlpCtK0nZcXxoWFds2Ojbqftt52LltnNmrSPIrwhCzMnr X-Google-Smtp-Source: AGHT+IHeuzr3n1tfCH7WlXolmPOnLzxJZbY44n7Fsj/4U5/g+cMqchwZDdmMHXsM/bnwAKQ2rJ2zdA== X-Received: by 2002:a05:690c:3686:b0:6e2:1a26:2974 with SMTP id 00721157ae682-6e2c729fca0mr10142507b3.39.1727993824103; Thu, 03 Oct 2024 15:17:04 -0700 (PDT) Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6e2bbea21easm4025527b3.41.2024.10.03.15.17.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Oct 2024 15:17:03 -0700 (PDT) Date: Thu, 3 Oct 2024 17:17:01 -0500 From: Nathan Bossart To: Tom Lane Cc: "Jonathan S. Katz" , Michael Paquier , Alexander Lakhin , pgsql-hackers Subject: Re: Should rolpassword be toastable? Message-ID: References: <2047353.1726784074@sss.pgh.pa.us> <0a9b7f96-aa2f-41eb-8e69-62f7990ebf74@postgresql.org> <0d8f3541-13f4-4194-8dca-bae881cf1a9a@postgresql.org> <2445149.1726849661@sss.pgh.pa.us> <465160.1727991546@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <465160.1727991546@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Oct 03, 2024 at 05:39:06PM -0400, Tom Lane wrote: > I agree with the idea that complaining about the password being too > long is far more intelligible than that. Another problem with > leaving it as it stands in HEAD is that the effective limit is now > platform-specific, if not indeed dependent on the phase of the moon > (or at least, the other contents of the pg_authid row). I fear it > would be very easy to construct cases where a password is accepted > on one machine but fails with "row is too big" on another. A > uniform limit seems much less fraught with surprises. I don't mind proceeding with the patch if there is strong support for it. I wavered only because it's hard to be confident that we are choosing the right limit. AFAICT 256 bytes ought to be sufficient to avoid "row is too big" errors independent of BLCKSZ today, but maybe someone will add another varlena column in the future that breaks it. Or maybe we add a new password hashing method that produces longer strings. Or maybe someone is doing something really out there like storing additional information in the salt. I don't have any reason to believe that any of these things are happening or are likely to happen anytime soon, but they seem similar in likelihood to someone building a custom driver that generates ginormous hashes. But I can also buy the argument that none of this is a strong enough reason to avoid making the error message nicer... -- nathan