"Bossart, Nathan" <bossa...@amazon.com> writes:
> On 9/3/20, 10:19 AM, "Tom Lane" <t...@sss.pgh.pa.us> wrote:
> + char pwdbuf[8192];
> If I am reading correctly, this would be the only defined password
> length limit once this patch is applied. While it's probably unlikely
> that this will cause problems for anybody anytime soon, is there any
> reason not to give this the same treatment as the .pgpass code and
> remove the line length limit altogether?
Yeah, it just didn't quite seem worthwhile there, given the adjacent
comment that clearly says that this is second-class-citizen code:
* Ideally this should insist that the file not be world-readable.
* However, this option is mainly intended for use on Windows where
* file permissions may not exist at all, so we'll skip the paranoia
* for now.
If you insist, I'll change it, but it seems even less likely to ever
matter to anybody than the changes to make simple_prompt accept
indefinitely long passwords. (Perhaps a reasonable compromise
is to extend this comment to note that we're also not bothering
to support indefinitely long passwords.)
regards, tom lane
