Date: Sat, 27 Apr 2013 09:27:13 -0700
From: "Joshua D. Drake"
Organization: Command Prompt, Inc.
To: Bruce Momjian
CC: Stefan Kaltenbrunner, Paul Waring, pgsql-www@postgresql.org
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?

On 04/27/2013 07:09 AM, Bruce Momjian wrote:
>
> On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
>> On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>>>
>>> On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>>>
>>>> interesting hint - thanks.
>>>>
>>>> I have now increased the relevant timeouts to 6h - let's see how that
>>>> goes..
>>>
>>> FTR, I don't think we should autologout people or at least it should be
>>> set to something like 7D.
>>
>> well from a security perspective it is usually advisable to keep session
>> lifetimes as short as possible, I agree that the current setup was way
>> too aggressive, but 6h already results in a 6-15x increase of what we had
>> before. We can always adjust upwards if people are really working 6h+
>> on an article but let's see first if this change really fixes the issue
>> berkus complained about.
>
> This is a wiki, not a banking website. We need to use security that is
> appropriate for what we are guarding. We could just prevent edits and
> it would be even more secure. ;-)
>
> I would like 7 days, myself.
>

Yep, I mean really, it is a wiki.

JD

--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC
@cmdpromptinc - 509-416-6579