Doc: add missing explanation about clear text password authentication.

diff --git a/doc.ja/src/sgml/client-auth.sgml b/doc.ja/src/sgml/client-auth.sgml
index b04e34541d1797e8b9c223169a313c59f945ae65..2075b764c5d8500fdf50894a47286a9801d1d4c9 100644 (file)
--- a/doc.ja/src/sgml/client-auth.sgml
+++ b/doc.ja/src/sgml/client-auth.sgml
@@ -737,6 +737,47 @@
    </para>
   </sect2>
 
+  <sect2 id="auth-password">
+   <title>Clear Text Password Authentication</title>
+
+   <para>
+<!--
+    The method <literal>password</literal> sends the password in
+    clear-text and is therefore vulnerable to password
+    <quote>sniffing</quote> attacks. It should always be avoided if
+    possible. If the connection is protected by SSL encryption then
+    <literal>password</literal> can be used safely, though. For this
+    sake, it is recommended to use <literal>hostssl</literal> in
+    <filename>pool_hba.conf</filename> so that clients are enforced to
+    use SSL encryption.
+-->
+    <literal>password</literal>方式は、パスワードを平文で送信するので、パスワード<quote>盗聴</quote>攻撃に対して脆弱です。
+    可能ならば、常に避けるようにしてください。
+    しかし、接続がSSL暗号で保護されていれば、passwordは安全に使用できます。
+    クライアントがSSL暗号を使うことを強制するために、<filename>pool_hba.conf</filename>で<literal>hostssl</literal>を指定することをおすすめします。
+   </para>
+   <para>
+<!--
+    A benefit to use the method is, the password for authentication is
+    provided by client side and <filename>pool_passwd</filename> is
+    not consulted. So you can avoid maintaining
+    <filename>pool_passwd</filename> file.
+-->
+    この方式を使う利点は、認証のためのパスワードがクライアント側から提供され、<filename>pool_passwd</filename>は使われないことです。
+    ですから<filename>pool_passwd</filename>の保守を避けることができます。
+   </para>
+   <para>
+<!--
+    You can avoid maintaining <filename>pool_passwd</filename> by
+    using <xref linkend="guc-allow-clear-text-frontend-auth"> as well
+    but it does not enfornce to use SSL encryption because
+    <filename>pool_hba.conf</filename> cannot be used with the
+    parameter.
+-->
+    <xref linkend="guc-allow-clear-text-frontend-auth">を使っても<filename>pool_passwd</filename>の保守を避けることができますが、SSL暗号を強制することはできません。<filename>pool_hba.conf</filename>をこのパラメータと一緒に使うことができないからです。
+   </para>
+  </sect2>
+
   <sect2 id="auth-md5">
    <!--
    <title>MD5 Password Authentication</title>

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 81770fe5a98d88e5fbbb217349e02405b90f8211..b399609afb34797203073615d1015f14f74e060b 100644 (file)
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -558,6 +558,34 @@
    </para>
   </sect2>
 
+  <sect2 id="auth-password">
+   <title>Clear Text Password Authentication</title>
+
+   <para>
+    The method <literal>password</literal> sends the password in
+    clear-text and is therefore vulnerable to password
+    <quote>sniffing</quote> attacks. It should always be avoided if
+    possible. If the connection is protected by SSL encryption then
+    <literal>password</literal> can be used safely, though. For this
+    sake, it is recommended to use <literal>hostssl</literal> in
+    <filename>pool_hba.conf</filename> so that clients are enforced to
+    use SSL encryption.
+   </para>
+   <para>
+    A benefit to use the method is, the password for authentication is
+    provided by client side and <filename>pool_passwd</filename> is
+    not consulted. So you can avoid maintaining
+    <filename>pool_passwd</filename> file.
+   </para>
+   <para>
+    You can avoid maintaining <filename>pool_passwd</filename> by
+    using <xref linkend="guc-allow-clear-text-frontend-auth"> as well
+    but it does not enfornce to use SSL encryption because
+    <filename>pool_hba.conf</filename> cannot be used with the
+    parameter.
+   </para>
+  </sect2>
+
   <sect2 id="auth-md5">
    <title>MD5 Password Authentication</title>