mysqlslap tests show some memory is nod deallocated, probably some gwbuffer incorrect use or the error handling is not triggering any consume action on buffers.
I uses the mysql protocol 4.1 authentication method.
The actual implementation requires the password is excatly equal to the username.
The client sends user: "user" and the password must be "user"
The gateway converts "user" in SHA1(SHA1("user") and then using the algorithm check all the data.
if the clients sends anything else than "user" the password algorithm check will fail.
IN the next release we must load into memory the content of mysql.user table, with fields user and password in memory.
The gateway will then find the HEX(SHA1(SHA1(real_password))) fro tahta table and check the incoming data.
Please note that real_password is not stored in any place: not in mysql db nor in the gateway.
