From: Thomas Lamprecht Date: Thu, 8 Feb 2024 16:31:04 +0000 (+0100) Subject: api: user: limit email to 254 characters and user comment to 2048 X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=744ec314269ed9707a9862173da9cfde1855b2d0 api: user: limit email to 254 characters and user comment to 2048 For email the reasoning is: > In addition to restrictions on syntax, there is a length limit on > email addresses. That limit is a maximum of 64 characters (octets) > in the "local part" (before the "@") and a maximum of 255 > characters (octets) in the domain part (after the "@") for a total > length of 320 characters. However, there is a restriction in RFC > 2821 on the length of an address in MAIL and RCPT commands of 254 > characters. Since addresses that do not fit in those fields are > not normally useful, the upper limit on address lengths should > normally be considered to be 254. -- https://www.rfc-editor.org/errata_search.php?rfc=3696&eid=1690 And for user-comments, we normally show those as single line and using 2048 bytes as maximum, while also a rather arbitrary number it allows for about 2.5 times more users on a system (full name + comment can be up to 4 KiB vs 10 KiB), and we can re-raise this relatively easily again if there are somewhat reasonable complaints. Signed-off-by: Thomas Lamprecht --- diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm index 8e0f440..489d34f 100644 --- a/src/PVE/API2/User.pm +++ b/src/PVE/API2/User.pm @@ -35,12 +35,12 @@ register_standard_option('user-email', { type => 'string', optional => 1, format => 'email-opt', - maxLength => 4096, + maxLength => 254, # 256 including punctuation and separator is the max path as per RFC 5321 }); register_standard_option('user-comment', { type => 'string', optional => 1, - maxLength => 8192, + maxLength => 2048, }); register_standard_option('user-keys', { description => "Keys for two factor auth (yubico).",