[pgpool-hackers: 4187] Wrong TODO list item (SSL and health check etc.)
Tatsuo Ishii
ishii at sraoss.co.jp
Sun Aug 28 12:28:29 JST 2022
While taking care of https://www.pgpool.net/mantisbt/view.php?id=765,
I noticed that there was wrong item in the TODO list.
Allow SSL in health check etc.
Health check process connects to PostgreSQL backend without using
SSL. This means password for connecting PostgreSQL database is
flying on the wire in plain text. Same thing can be said to the
streaming replication delay check worker process. It would be nice
if health check and streaming replication delay check worker
process use SSL if requested by backend.
Truth is, health check process and streaming replication check process
already support SSL since day 0 (health check - in 2.3.2 on 2010/2/7,
streaming replication check - in 3.0 on 2010/9/10).
Actually if SSL is enabled and PostgreSQL requires SSL for the user
and database, those process connects to PostgreSQL using SSL
connection. You can confirm this by enabling log_connections parameter
in PostgreSQL.conf.
I am going to fix documentation for health check and streaming
replication check soon.
Best reagards,
--
Tatsuo Ishii
SRA OSS LLC
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
More information about the pgpool-hackers
mailing list