"Bossart, Nathan" <bossa...@amazon.com> writes:
> On 10/12/18, 4:24 PM, "Stephen Frost" <sfr...@snowman.net> wrote:
>> Specific use-cases here would be better than hand-waving at "these other
>> things." Last I checked, all of those work with what we've got today
>> and I don't recall hearing complaints about them not working due to this
>> limit.
> The main one I am thinking of is generated security tokens. It seems
> reasonable to me to limit md5 and scram-sha-256 passwords to a much
> shorter length, but I think the actual server message limit should be
> somewhat more flexible.
Sure, but even a generated security token seems unlikely to be more
than a couple dozen bytes long. What's the actual use-case for tokens
longer than that? ISTM that a limit around 100 bytes already has a
whole lot of headroom.
regards, tom lane
