Search Postgresql Archives

Re: Session Identifiers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

2015-12-20 16:16 GMT+01:00 oleg yusim <olegyusim@xxxxxxxxx>:
Greetings!

I'm new to PostgreSQL, working on it from the point of view of Cyber Security assessment. In regards to the here is my questions:

From the security standpoint we have to assure that database invalidates session identifiers upon user logout or other session termination (timeout counts too).

Does PostgreSQL perform this type of actions? If so, where are those Session IDs are stored, so I can verify it?

Postgres is based on processes - for any session is created new process when user is logged and this process is destroyed when user does logout. Almost all data are in process memory only, but shared data related to sessions are stored in shared memory - in array of PGPROC structures. Postgres invalidates these data immediately when process is destroyed. Search PGPROC in our code. Look to postmaster.c, where these operations are described.

What I know, there are not any other session data - so when process is destroyed, then all is destroyed by o.s.

Can be totally different if you use some connection pooler like pgpool or pgbouncer - these applications can reuse Postgres server sessions for more user sessions.

Regards

Pavel
 

Thanks,

Oleg


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux