-1

We have a validation in our application limiting user first and last name length to 255 characters. Is there any technical reason we ought to be doing this? I'm wondering if there is maybe any security concern or risk we put ourselves at by not limiting the length of strings. We're using Postgres text columns.

lobati
  • 9,284
  • 5
  • 40
  • 61
  • If this is a business constraint, then yes you should reflect that in a database constraint as well. If you are indexing the columns you probably should limit the length as well. Note that there is no optimization whatsoever for column defined as `varchar(255)` over a column defined as `varchar(260)` or `varchar(301)` - that `255` is a left-over "magic number" that does have any performance impact –  Nov 23 '18 at 07:40
  • Related: https://stackoverflow.com/questions/8295131 –  Nov 23 '18 at 07:43

1 Answers1

1

Text = variable unlimited length.. If you put limiter why don't use varchar(255)?

For security concern and performance put limiter are good. If your database file heavy and if someone spams to your text, the data type exceeds 8 KB.. That will put heavy in your db and for worst scenario it can Break Down..

EDIT :

As Documentation says:

If you desire to store long strings with no specific upper limit, use text or character varying without a length specifier, rather than making up an arbitrary length limit.

Back to your original question "Should we validate max length on string fields"?

When see documentation said.. It would be better you make as Varchar(255) rather than Varchar without length specifier and do limiter in application side

And for performance:

Long strings are compressed by the system automatically, so the physical requirement on disk might be less. Very long values are also stored in background tables so that they do not interfere with rapid access to shorter column values.

I will say great for Postgresql :)

dwir182
  • 1,539
  • 10
  • 20
  • The PostgreSQL docs actually suggest that `text` is no less performant, though, if you need something variable length, and may be better since they don't need to check the length before storing a value. See the Tip here: https://www.postgresql.org/docs/10/datatype-character.html – lobati Nov 23 '18 at 02:38
  • @lobati yes.. I am already read that.. about performance which is great `postgresql`.. And said `If you desire to store long strings with no specific upper limit, use text or character varying without a length specifier, rather than making up an arbitrary length limit.`.. – dwir182 Nov 23 '18 at 02:53
  • I can't see how you could "break down" the database by supplying long strings. –  Nov 23 '18 at 07:40
  • Yes.. I want to remove that @a_horse_with_no_name but if i remove the first argument i show i think that's not good.. That's just my speculation.. If i am wrong you can dv me.. :) – dwir182 Nov 23 '18 at 07:44