Re: Session Identifiers - Mailing list pgsql-general
Hi Melvin,
Thank you very much, that logging option really helps (I need to give instructions, people, who are not very code literate should be capable of executing). And, point taken about exact version and enviornment - PostgreSQL 9.4.5, Linux box.
Thanks,
Oleg
On Sun, Dec 20, 2015 at 10:19 AM, Melvin Davidson <melvin6925@gmail.com> wrote:
PostgreSQL does not "store" the session_id per se in any system catalogs/tables, however, you can configure the log_line_prefix in postgresql.conf to record it for each connection. It will then be stored in the postgresql log file.Please not that in the future, it is always helpful to provide the exact version of PostgreSQL and the O/S you are working with.--On Sun, Dec 20, 2015 at 11:08 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:Hi2015-12-20 16:16 GMT+01:00 oleg yusim <olegyusim@gmail.com>:Greetings!I'm new to PostgreSQL, working on it from the point of view of Cyber Security assessment. In regards to the here is my questions:Does PostgreSQL perform this type of actions? If so, where are those Session IDs are stored, so I can verify it?Postgres is based on processes - for any session is created new process when user is logged and this process is destroyed when user does logout. Almost all data are in process memory only, but shared data related to sessions are stored in shared memory - in array of PGPROC structures. Postgres invalidates these data immediately when process is destroyed. Search PGPROC in our code. Look to postmaster.c, where these operations are described.What I know, there are not any other session data - so when process is destroyed, then all is destroyed by o.s.Can be totally different if you use some connection pooler like pgpool or pgbouncer - these applications can reuse Postgres server sessions for more user sessions.RegardsPavelThanks,OlegMelvin Davidson
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.
pgsql-general by date: