On 2/12/2016 5:20 AM, Lesley Kimmel wrote:
Thanks for the reply Laurenz. Of course the first thing that I thought of to prevent man-in-the-middle was SSL. However, I also like to try to address the issue in a way that seems to get at what they are intending. It seemed to me that they wanted to do some configuration within the database related to session IDs.
when the connection is broken, the process exits and the session ceases to exist. there are no 'session IDs' to speak of (they are process IDs instead, but a new process mandates new authentication, there's no residual authorizations associated with a PID).
-- john r pierce, recycling bits in santa cruz -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
