Stephen Frost <sfrost@xxxxxxxxxxx> writes: > * Tom Lane (tgl@xxxxxxxxxxxxx) wrote: >> That thread does point out that passwordFromFile() is far from the >> only place that assumes passwords aren't going to be longer than >> what would be sane to enter manually. I wonder whether we need to >> worry about the other bottlenecks. > Well, as I said in that thread two years ago, seems like we should make > it work everywhere and be consistent between frontend and backend > regarding what's supported. Perhaps even clearly document what the > limit is too... In the case of passwordFromFile(), the line doesn't only contain a password. There's also a hostname that has no a-priori upper length, and some other fields too; not to mention that if we have a convention for comments then it's unfriendly to have an a-priori upper length for comment lines. So I'm thinking that the correct thing to do in passwordFromFile() is use an expansible buffer and fail only on OOM. There remains, though, the question of whether any of the other limits are problematic. regards, tom lane
