Date: Thu, 2 May 2013 20:40:45 -0400
From: Bruce Momjian
To: "Joshua D. Drake"
Cc: Stefan Kaltenbrunner, Paul Waring, pgsql-www@postgresql.org
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?

On Sat, Apr 27, 2013 at 09:27:13AM -0700, Joshua D. Drake wrote:
>
> On 04/27/2013 07:09 AM, Bruce Momjian wrote:
> >
> >On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
> >>On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
> >>>
> >>>On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
> >>>
> >>>>interesting hint - thanks.
> >>>>
> >>>>I have now increased the relevant timeouts to 6h - let's see how that
> >>>>goes..
> >>>
> >>>FTR, I don't think we should autologout people or at least it should be
> >>>set to something like 7D.
> >>
> >>well from a security perspective it is usually advisable to keep session
> >>lifetimes as short as possible, I agree that the current setup was way
> >>too aggressive, but 6h already results in a 6-15x increase of what we had
> >>before. We can always adjust upwards if people are really working 6h+
> >>on an article but let's see first if this change really fixes the issue
> >>berkus complained about.
> >
> >This is a wiki, not a banking website. We need to use security that is
> >appropriate for what we are guarding. We could just prevent edits and
> >it would be even more secure. ;-)
> >
> >I would like 7 days, myself.
> >
>
> Yep, I mean really, it is a wiki.

OK, please make it 7 days. I keep the wiki tab open on my browser and
having to log in every day is a pain. Now, if you want me to stop using
the wiki, I am happy to do that.

--
  Bruce Momjian  http://momjian.us
  EnterpriseDB   http://enterprisedb.com

  + It's impossible for everything to be true. +