On Wed, Jan 26, 2005 at 12:27:17AM -0600, Dale Sykora wrote: > I would like to use a text field in a table and limit the size to > reduce the chance of denial-of-service/buffer overflow/etc. I assume I > can define table fields similar to the following > "field_name text check (len(field) < 160)" although my syntax is > probably wrong. You could use varchar(n) instead of text with a check constraint. > Is checking text length considered a good idea? That depends on the application and the trustworthiness of the data source. If you know that values should never exceed a certain length and you want to prevent obviously bad values from being inserted, then enforcing a length limit makes sense. > If so, what would be a reasonable limit? I was thinking about > 10 * average_field_char_length (if avg value is 16 char, set > limit to 160 char). Again, that depends on the application. If you're storing product part numbers then most of them will probably fall close to the average length, so allowing ten times the average length would be unnecessary. On the other hand, if you're storing product descriptions then you might need to allow for greater variation. Use whatever makes sense for the type of data you're storing. -- Michael Fuhr http://www.fuhr.org/~mfuhr/ ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your message can get through to the mailing list cleanly
