Обсуждение: Re: [BUGS] user authentication crash by Erik Luke (20-08-2001; 1.3kb)
"Thomas Yackel" <yackelt@ohsu.edu> writes: > I got the error: "Bad abstime external representation ''" when attempted to start psql as a particular user and the postmastershutdown. > The problem, we discovered, is that this user had a carriage return contained within his password. Changing the passwordto remove the CR avoided the system shutdown. Hmm. I can see how a linefeed in a password would create a problem (it breaks the line-oriented formatting of the pg_pwd file). However, I can't reproduce a postmaster crash here. Either I'm not testing the right combination of circumstances, or current sources are more robust about this than 7.1. That's not unlikely given that Bruce rewrote the password-file-parsing code a couple months ago. In any case it seems like it'd be a good idea to forbid nonprinting characters in passwords. Comments anyone? regards, tom lane
Tom Lane wrote: >Hmm. I can see how a linefeed in a password would create a problem (it >breaks the line-oriented formattingof the pg_pwd file). ... >In any case it seems like it'd be a good idea to forbid nonprinting >characters in passwords. Comments anyone? That sounds too restrictive; allowing non-printing characters should improve password security. Why not simply exclude linefeed and carriage return? (And possibly ctrl-Q and ctrl-S as well, in case there is still anyone running a terminal with XON/XOFF flow control.) -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C "But they that wait upon the LORD shall renew their strength; they shall mount up with wings as eagles; theyshall run, and not be weary; and they shall walk, and not faint." Isaiah 40:31