[pgpool-hackers: 2979] Re: Pgpool-II 4.0 vs. pool_passwd

Tatsuo Ishii ishii at sraoss.co.jp
Wed Aug 22 07:51:57 JST 2018


> But since we allow clear text password in pool_passwd, we cannot judge
> whether this line is AES256 or clear text password,
> 
> t-ishii:AESc7iO9vVbTxOaY+JSWTbPqA==
> 
> we could interpret this either as a clear text entry with password
> string "AESc7iO9vVbTxOaY+JSWTbPqA==" or AES256 encrypted entry, no?

Because of this, plus the clear text password is not secure, I proppse
to remove the clear text password support from pool_passwd in
Pgpool-II 4.0.

Any objection?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp


More information about the pgpool-hackers mailing list