Hi, On 2018-02-18 08:48:37 +0900, Michael Paquier wrote: > On Sat, Feb 17, 2018 at 08:52:11AM -0800, Andres Freund wrote: > > On 2018-02-17 11:39:57 -0500, Tom Lane wrote: > > > pg_authid | rolpassword | text > > > > that seems not not to require one. > > You can craft SCRAM verifiers that make it fail, which can be easily > done using this module: > https://github.com/michaelpq/pg_plugins/tree/master/scram_utils > > =# create extension scram_utils ; > CREATE EXTENSION > =# select scram_utils_verifier('your_role_name', 'foo', 100, 9000); > ERROR: 54000: row is too big: size 12224, maximum size 8160 > > The third argument counts for the number of iterations to generate the > proof and the fourth controls the salt length.
I've a hard hard hard time believing this is something useful to do. I mean by that argument you can just cause trouble everywhere by just storing arbitrarily large stuff via sql. Greetings, Andres Freund