public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Magnus Hagander <[email protected]>
Cc: Joshua D. Drake <[email protected]>
Cc: Stefan Kaltenbrunner <[email protected]>
Cc: Paul Waring <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
Date: Fri, 3 May 2013 09:23:45 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CABUevEzX44DyxsGHnq8L4176FMjBvsjNLL4dXTrOo3ayHBtZ5Q@mail.gmail.com>
References: <[email protected]>
<CABUevEw0asBAR6jS=aqKBG1OAJmTsMP1FiocCm-cLJfqGEAm_w@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<CABUevEzX44DyxsGHnq8L4176FMjBvsjNLL4dXTrOo3ayHBtZ5Q@mail.gmail.com>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-www>
On Fri, May 3, 2013 at 10:19:09AM +0200, Magnus Hagander wrote:
> >> >>well from a security perspective it is usually advisable to keep session
> >> >>lifetimes as short as possible, I agree that the current setup was way
> >> >>to aggressive, but 6h already results in a 6-15x increase of what we had
> >> >>before. We can always adjust upwards if we people are really working 6h+
> >> >>on an article but lets see first if this change really fixes the issue
> >> >>berkus complained about.
> >> >
> >> >This is a wiki, not a banking website. We need to use security that is
> >> >appropriate for what we are guarding. We could just prevent edits and
> >> >it would be even more secure. ;-)
> >> >
> >> >I would like 7 days, myself.
> >> >
> >>
> >> Yep, I mean really, it is a wiki.
> >
> > OK, please make it 7 days. I keep the wiki tab open on my browser and
> > having to log in every day is a pain. Now, if you want me to stop using
> > the wiki, I am happy to do that.
>
> Really, Bruce?
Yes, really. I am not saying I will stop using the wiki, but it
certainly would be nice if I didn't have to use the wiki because others
used it more. And the more cumbersome with wiki is to use, the more I
would like to avoid using it --- that's just natural. I would think we
would have a setup to encourage people to use the wiki more by making it
easier to use.
I moved to the wiki so others could update the TODO list, but history
shows that I am still making the majority of the edits:
https://wiki.postgresql.org/index.php?title=Todo&action=history
I do appreciate others making changes, but some of them are added
without discussion, so they need to be reviewed. However, I don't
always get email when someone edits because of some logic that only
emails me the first time, unless I go to the site, though I have the
TODO list tab always open --- I never understood that.
There are other oddities, like many of the "Contents" links not working
(e.g. "Montoring"), and broken output when links contain '=', so I added
a cron job on my machine to check for them.
I asked about this timeout issue over a year ago, and was told no one
knew the cause. Now that the cause was found, I am told that the
administrators want to set a timeout that is less than any other
non-commerce website I visit because of security. To me that reflects a
distorted view of usability vs security, and all for a wiki site.
So if someone responsible wants to work on the TODO list, go ahead, it
is all there ready for you. Odds are, I will never even see
notifications of your changes anyway. :-(
Administrators say they increased the timeout 10x and need feedback if
it needs to be increased further? Do you need me to notice that every
day I have to hit the 'edit' button, realize my session has timed out,
then hit the login button and try again. It happened this morning ---
is that sufficient? I have no idea. Do these cookies control anything
but the wiki? I assume not because 20 minutes was the MediaWiki default.
So, in summary, there are all these things on the wiki that don't work,
but I am having to fight to get something we can fix to a reasonable
default, and at a certain point, you just give up and find a way to do
it yourself, like maybe an auto-login javascript widget for the wiki.
(No, I have not written one, _yet_. ;-) )
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
--
Sent via pgsql-www mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www
view thread (42+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox