Re: Session Identifiers

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: oleg yusim <olegyusim(at)gmail(dot)com>
Cc: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org>
Subject: Re: Session Identifiers
Date: 2015-12-20 17:28:09
Message-ID: 18732.1450632489@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

oleg yusim <olegyusim(at)gmail(dot)com> writes:
> Got it, thanks... Now, is it any protection in place currently against
> replacing Session ID (my understanding, it is kept in memory, belonging to
> the session process) or against guessing Session ID (i.e. is Session ID
> generated using FIPS 140-2 compliant algorithms, or anything of that sort)?

I don't think Postgres even has any concept that matches what you seem
to think a Session ID is.

If you're looking for communication security/integrity checking, that's
something we leave to other software such as SSL.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Melvin Davidson 2015-12-20 17:33:00 Re: Session Identifiers
Previous Message oleg yusim 2015-12-20 17:25:45 Re: Session Identifiers