From fb7cebbb360da5a95df1f162d8b6637c0fd15e4b Mon Sep 17 00:00:00 2001
From: unknown <sasha@mysql.sashanet.com>
Date: Thu, 19 Oct 2000 16:01:10 -0600
Subject: [PATCH] manual.texi	added security clarification

Docs/manual.texi:
  added security clarification
---
 Docs/manual.texi | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Docs/manual.texi b/Docs/manual.texi
index 740573a7c79..e9468d9d5bc 100644
--- a/Docs/manual.texi
+++ b/Docs/manual.texi
@@ -10769,7 +10769,12 @@ consult with a security expert.
 
 When you connect to a @strong{MySQL} server, you normally should use a
 password.  The password is not transmitted in clear text over the
-connection.
+connection, however the encryption algorithm is not very strong, and
+with some effort a clever attacker can crack the password if he is able
+to sniff the traffic between the client and the server. If the 
+connection between the client and the server goes through an untrusted
+network, you should use an @strong(SSH} tunnel to encrypt the 
+communication.
 
 All other information is transferred as text that can be read by anyone
 who is able to watch the connection.  If you are concerned about this,