| From: | Andy Colson <andy(at)squeakycode(dot)net> |
|---|---|
| To: | oleg yusim <olegyusim(at)gmail(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Session Identifiers |
| Date: | 2015-12-20 16:23:38 |
| Message-ID: | 5676D60A.1020207@squeakycode.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 12/20/2015 09:16 AM, oleg yusim wrote:
> Greetings!
>
> I'm new to PostgreSQL, working on it from the point of view of Cyber Security assessment. In regards to the here is my questions:
>
> From the security standpoint we have to assure that database invalidates session identifiers upon user logout or other session termination (timeout counts too).
>
> Does PostgreSQL perform this type of actions? If so, where are those Session IDs are stored, so I can verify it?
>
> Thanks,
>
> Oleg
Are you talking about a website session? Does this website session happen to be stored in PG?
-Andy
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Kretschmer | 2015-12-20 16:30:36 | Re: Unique index problem |
| Previous Message | Melvin Davidson | 2015-12-20 16:19:15 | Re: Session Identifiers |