oleg yusim <olegyusim@gmail.com> writes:
> Got it, thanks... Now, is it any protection in place currently against
> replacing Session ID (my understanding, it is kept in memory, belonging to
> the session process) or against guessing Session ID (i.e. is Session ID
> generated using FIPS 140-2 compliant algorithms, or anything of that sort)?
I don't think Postgres even has any concept that matches what you seem
to think a Session ID is.
If you're looking for communication security/integrity checking, that's
something we leave to other software such as SSL.
regards, tom lane