From: | Andy Colson <andy(at)squeakycode(dot)net> |
---|---|
To: | oleg yusim <olegyusim(at)gmail(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Session Identifiers |
Date: | 2015-12-20 16:23:38 |
Message-ID: | 5676D60A.1020207@squeakycode.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 12/20/2015 09:16 AM, oleg yusim wrote:
> Greetings!
>
> I'm new to PostgreSQL, working on it from the point of view of Cyber Security assessment. In regards to the here is my questions:
>
> From the security standpoint we have to assure that database invalidates session identifiers upon user logout or other session termination (timeout counts too).
>
> Does PostgreSQL perform this type of actions? If so, where are those Session IDs are stored, so I can verify it?
>
> Thanks,
>
> Oleg
Are you talking about a website session? Does this website session happen to be stored in PG?
-Andy
From | Date | Subject | |
---|---|---|---|
Next Message | Andreas Kretschmer | 2015-12-20 16:30:36 | Re: Unique index problem |
Previous Message | Melvin Davidson | 2015-12-20 16:19:15 | Re: Session Identifiers |