On Sat, Jan 28, 2012 at 11:55 AM, Euler Taveira de Oliveira <eu...@timbira.com> wrote: > On 27-01-2012 23:15, agr...@gmail.com wrote: >> When psql prompts for a password, it only reads the first 100 characters of >> the password. The limit in fe-connect.c (for when .pgpass is used) is >> weirder, a seemingly arbitrary 320 bytes for all fields combined. Other >> (postgresql-jdbc, PyGreSQL, etc.) have no problem with a 512-byte password. >> It would be nice to have these limits controlled by a constant, and for the >> command to give an error or warning when a password is truncated. >> > I don't see it as a bug but a limitation.
First, thank you for the quick response. IMHO, there is a subtle difference here. If psql raised an error message on passwords exceeding 100 characters, I would understand your perspective, but I think that simply truncating the password and continuing on is a bug. I also think that hard-coding the number "100" in several places is simply poor practice which should be corrected, and that if there's good reason for that to be the password length limit, it should be uniformly enforced. Regardless, of whether it's a bug or feature, though, the fixes are trivial, so I'm not sure what a strong argument _against_ the changes would be. >Why do you need such a long > password? The password is not of my choosing. It's an autogenerated sha hash of an RSA key, and i've simply been the key to use. While I agree that it's generally impractical to use such a long password at the command line, more than 99% of the use of this password is programmatic, and if I complain to the author that the password is too long, he'll respond "it works for me with JDBC; you are using broken tools. > If you are not comfortable with this reasonable limit, look at > fe-connect.c -> PasswordFromFile() and change the LINELEN. More to the point, > AFAICS all of the PostgreSQL client prompts are limited to 100 bytes (look at > simple_prompt function); letting 220 bytes for host, port, database, and user. I looked at the code before I wrote up the issue, and I have written and tested a patch. I've posted it here: https://bugzilla.redhat.com/attachment.cgi?id=558061 As you might expect, it simply defines a constant called PASSWDLEN and uses that in the calls to simple_prompt, as well as in initdb's reading of pwfile (which inexplicably uses MAXPGPATH as the maximum password length today). Perhaps I should just submit the patch to pgsql-hackers ? I'm new to the pgsql bug interaction process, so my apologies if filing a bug was not the appropriate way to present the issue. I get Internal Server Error messages when I attempt to subscribe to any of the pgsql mailing lists, so this makes communication with the lists difficult. --Andy > -- > Euler Taveira de Oliveira - Timbira http://www.timbira.com.br/ > PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs