eyond the
source code and this thread? I was specifically searching for session id
generation, but clearly this search was too narrow. I'll look more
generally for how MySQL establishes connections and maintains sessions -
but if you happen to know where it might be documented off the top of your
h
Thanks for responding Johan.
I am indeed looking for MySQL session ID's, not an HTTP session ID. I'm
doing a defense in depth audit and reviewing potential threats to each
remote connection - in this case session fixation. I know I can set
various session timeout properties that help mitigate fix
't here
to say "no" to whatever software I desire to use, they just need to
verify. So, really, the wand of ignorance should be pointed in my
direction =)
This leads me to my final question: is this documented anywhere beyond the
source code and this thread? I was specifically searc
Steven,
On 21.06.2013 13:35, Steven Siebert wrote:
If the TCP connection is lost...is the session effectively over and
can not be re-established on another socket?
Yes.
In a mysql client sense, I
would need to re-establish a connection and set my session variables again
rather than just r
Hartmut/Denis - Great information, thank you! I was unaware that mysql
bound the session id to the socket in such a way that it would not permit
that session id to be provided on another socket. This was the missing piece.
Hartmut - if the session Id is not a meaningful part of the client/server
p
On 21.06.2013 12:48, Steven Siebert wrote:
You stated these IDs are sequential...do you know if there is any way to
modify this to utilize a "random" generation? Sequential session IDs are
an avenue to session hijacking.
There is no attack vector opening up by knowing a session ID. A
"sess
On 21.06.2013 13:35, Steven Siebert wrote:
> Hartmut - if the session Id is not a meaningful part of the
> client/server protocol, is the session managed by the transport layer
> rather than the app layer? If the TCP connection is lost...is the
> effectively session over and can not be re-establi
On 21.06.2013 12:48, Steven Siebert wrote:
> You stated these IDs are sequential...do you know if there is any way to
> modify this to utilize a "random" generation? Sequential session IDs are
> an avenue to session hijacking.
as a MySQL client session is bound to a specific TCP connection ... h
- Original Message -
> From: "Steven Siebert"
> Subject: Re: Session ID Generation
> I am indeed looking for MySQL session ID's, not an HTTP session ID.
> I'm doing a defense in depth audit and reviewing potential threats
> to each remote connection
MySQL assigns its session IDs sequentially as they come in. I suspect, however,
that you're looking for session IDs as used by websites - generation of those is
entirely not a MySQL issue, it is only a potential store for them.
Steven Siebert wrote:
>Hello all,
>
>I've looked through, what I beli
Hello all,
I've looked through, what I believe to be, the relevant areas in the MySQL
docs as well as standard search engine searches without luck. I was
hoping to find some documentation that would tell me:
- how MySQL session Ids are generated (specifically, are they considered
"random")
- do