[pgpool-hackers: 2979] Re: Pgpool-II 4.0 vs. pool_passwd
Tatsuo Ishii
ishii at sraoss.co.jp
Wed Aug 22 07:51:57 JST 2018
> But since we allow clear text password in pool_passwd, we cannot judge
> whether this line is AES256 or clear text password,
>
> t-ishii:AESc7iO9vVbTxOaY+JSWTbPqA==
>
> we could interpret this either as a clear text entry with password
> string "AESc7iO9vVbTxOaY+JSWTbPqA==" or AES256 encrypted entry, no?
Because of this, plus the clear text password is not secure, I proppse
to remove the clear text password support from pool_passwd in
Pgpool-II 4.0.
Any objection?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
More information about the pgpool-hackers
mailing list