Home > mailing lists

Re: Session Identifiers - Mailing list pgsql-general

From	oleg yusim
Subject	Re: Session Identifiers
Date	December 20, 2015 20:37:38
Msg-id	CAKd4e_H58zuejWgONg1199TOO9yRZqUQ1Gp52aJVppb2jAs-wA@mail.gmail.com Whole thread Raw
In response to	Re: Session Identifiers (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Session Identifiers (Pavel Stehule <pavel.stehule@gmail.com>)
List	pgsql-general

Tree view

Tom,

I understand the idea that for external communication you rely on SSL. However, how about me opening psql prompt into the database directly from my Linux box, my db is installed at? I thought, it would be considered local connection and would not go through the SSL channels. If that is the case, here we would be dealing with Session IDs belonging to DB itself, not OpenSSL.

Please, correct me if I'm wrong.

Thanks,

Oleg

On Sun, Dec 20, 2015 at 11:28 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

oleg yusim <olegyusim@gmail.com> writes:
> Got it, thanks... Now, is it any protection in place currently against
> replacing Session ID (my understanding, it is kept in memory, belonging to
> the session process) or against guessing Session ID (i.e. is Session ID
> generated using FIPS 140-2 compliant algorithms, or anything of that sort)?

I don't think Postgres even has any concept that matches what you seem
to think a Session ID is.

If you're looking for communication security/integrity checking, that's
something we leave to other software such as SSL.

regards, tom lane

pgsql-general by date:

From: Melvin Davidson
Date: 20 December 2015, 20:33:45
Subject: Re: Session Identifiers

From: oleg yusim
Date: 20 December 2015, 20:38:19
Subject: Re: Session Identifiers

Re: Session Identifiers - Mailing list pgsql-general

Previous

Next