[pgpool-hackers: 3548] Proposal: Support for SSL passphrase
Umar Hayat
m.umarkiani at gmail.com
Fri Mar 13 19:03:26 JST 2020
Hi Hackers,
I am implementing support of SSL passphrase feature for PgPool. If we
comparing existing PostgreSQL and PgPool implementation of SSL (when
passphrase is required) :
PostgreSQL:
On Server start,
a) If 'ssl_passphrase_command' defined, It will register call back for
external command provide
b) otherwise it will register default, which is *prompting* user to input
password
On Reload Configuration,
a) If 'ssl_passphrase_command' is defined and
'ssl_passphrase_command_supports_reload' is define, then use external
command provided in 'ssl_passphrase_command'
b) otherwise suppress prompt, and fail intentionally with dummy value.
PgPool:
a) Register dummy implementation and fails in all cases.
My question is:
Should we prompt for pass phrase in any case ? or user must provide
password via 'ssl_passphrase_command' only. Any suggestions?
If we should provide prompt, in which scenario ?
At the moment, what I implemented is, No prompt in any case.
Regards,
Umar Hayat
Principle Software Engineer
EnterpriseDB: https://www.enterprisedb.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200313/d3c500d1/attachment.html>
More information about the pgpool-hackers
mailing list