oleg yusim <olegyusim@xxxxxxxxx> writes: > Got it, thanks... Now, is it any protection in place currently against > replacing Session ID (my understanding, it is kept in memory, belonging to > the session process) or against guessing Session ID (i.e. is Session ID > generated using FIPS 140-2 compliant algorithms, or anything of that sort)? I don't think Postgres even has any concept that matches what you seem to think a Session ID is. If you're looking for communication security/integrity checking, that's something we leave to other software such as SSL. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
