Tom Lane wrote:

> > * Any database user is most of the time able to read function
> > bodies, so anybody who is able to connect to your database will be
> > able to get your 'secret_salt' and then predict session id's.
> 
> Yeah, it's not clear where to hide the secret.

In a memfrob'ed (or something better probably) area in a C function?

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
