Home > mailing lists

Re: Generating unique session ids - Mailing list pgsql-general

From	Alvaro Herrera
Subject	Re: Generating unique session ids
Date	July 27, 2006 13:56:02
Msg-id	20060727135520.GB17440@surnet.cl Whole thread Raw
In response to	Re: Generating unique session ids (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Generating unique session ids (Rodrigo Gonzalez <rjgonzale@gmail.com>) Re: Generating unique session ids ("Joshua D. Drake" <jd@commandprompt.com>)
List	pgsql-general

Tree view

Tom Lane wrote:

> > * Any database user is most of the time able to read function
> > bodies, so anybody who is able co connect to your database will be
> > able to get your 'secret_salt' and then predict session id's.
>
> Yeah, it's not clear where to hide the secret.

In a memfrob'ed (or something better probably) area in a C function?

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

pgsql-general by date:

From: Tom Lane
Date: 27 July 2006, 13:40:28
Subject: Re: Generating unique session ids

From: Markus Schiltknecht
Date: 27 July 2006, 14:01:06
Subject: Re: Database Oid from SPI

Re: Generating unique session ids - Mailing list pgsql-general

Previous

Next