public inbox for [email protected]
help / color / mirror / Atom feedFrom: Magnus Hagander <[email protected]>
To: Bruce Momjian <[email protected]>
Cc: Joshua D. Drake <[email protected]>
Cc: Stefan Kaltenbrunner <[email protected]>
Cc: Paul Waring <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
Date: Fri, 3 May 2013 10:19:09 +0200
Message-ID: <CABUevEzX44DyxsGHnq8L4176FMjBvsjNLL4dXTrOo3ayHBtZ5Q@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<CABUevEymuYyyof68ASuDt9GBpFOvF2r0WNyk8JxK1nbGG70Rpw@mail.gmail.com>
<[email protected]>
<CABUevEw0asBAR6jS=aqKBG1OAJmTsMP1FiocCm-cLJfqGEAm_w@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-www>
On Fri, May 3, 2013 at 2:40 AM, Bruce Momjian <[email protected]> wrote:
> On Sat, Apr 27, 2013 at 09:27:13AM -0700, Joshua D. Drake wrote:
>>
>> On 04/27/2013 07:09 AM, Bruce Momjian wrote:
>> >
>> >On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
>> >>On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>> >>>
>> >>>On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>> >>>
>> >>>>interesting hint - thanks.
>> >>>>
>> >>>>I have now increased the relevant timeouts to 6h - lets see how that
>> >>>>goes..
>> >>>
>> >>>FTR, I don't think we should autologout people or at least it should be
>> >>>set to something like 7D.
>> >>
>> >>well from a security perspective it is usually advisable to keep session
>> >>lifetimes as short as possible, I agree that the current setup was way
>> >>to aggressive, but 6h already results in a 6-15x increase of what we had
>> >>before. We can always adjust upwards if we people are really working 6h+
>> >>on an article but lets see first if this change really fixes the issue
>> >>berkus complained about.
>> >
>> >This is a wiki, not a banking website. We need to use security that is
>> >appropriate for what we are guarding. We could just prevent edits and
>> >it would be even more secure. ;-)
>> >
>> >I would like 7 days, myself.
>> >
>>
>> Yep, I mean really, it is a wiki.
>
> OK, please make it 7 days. I keep the wiki tab open on my browser and
> having to log in every day is a pain. Now, if you want me to stop using
> the wiki, I am happy to do that.
Really, Bruce?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
--
Sent via pgsql-www mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www
view thread (42+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
In-Reply-To: <CABUevEzX44DyxsGHnq8L4176FMjBvsjNLL4dXTrOo3ayHBtZ5Q@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox