Home > mailing lists

Re: Session Identifiers - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Session Identifiers
Date	December 20, 2015 20:28:13
Msg-id	18732.1450632489@sss.pgh.pa.us Whole thread Raw
In response to	Re: Session Identifiers (oleg yusim <olegyusim@gmail.com>)
Responses	Re: Session Identifiers (Melvin Davidson <melvin6925@gmail.com>) Re: Session Identifiers (oleg yusim <olegyusim@gmail.com>)
List	pgsql-general

Tree view

oleg yusim <olegyusim@gmail.com> writes:
> Got it, thanks... Now, is it any protection in place currently against
> replacing Session ID (my understanding, it is kept in memory, belonging to
> the session process) or against guessing Session ID (i.e. is Session ID
> generated using FIPS 140-2 compliant algorithms, or anything of that sort)?

I don't think Postgres even has any concept that matches what you seem
to think a Session ID is.

If you're looking for communication security/integrity checking, that's
something we leave to other software such as SSL.

            regards, tom lane

pgsql-general by date:

From: oleg yusim
Date: 20 December 2015, 20:25:50
Subject: Re: Session Identifiers

From: Melvin Davidson
Date: 20 December 2015, 20:33:45
Subject: Re: Session Identifiers

Re: Session Identifiers - Mailing list pgsql-general

Previous

Next