Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtp (Exim 4.72) (envelope-from
	<pgsql-www-owner+M21597=pgsql+2Dwww=arkaria.postgresql.org@postgresql.org>)
	id 1UYBD6-0004l6-S9
	for pgsql-www@arkaria.postgresql.org; Fri, 03 May 2013 08:19:21 +0000
Received: from localhost ([127.0.0.1] helo=postgresql.org)
	by malur.postgresql.org with smtp (Exim 4.72) (envelope-from
	<pgsql-www-owner+M21597=pgsql+2Dwww=arkaria.postgresql.org@postgresql.org>)
	id 1UYBD6-0003Dr-5d
	for pgsql-www@arkaria.postgresql.org; Fri, 03 May 2013 08:19:20 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtp (Exim 4.72)
	(envelope-from <magnus@hagander.net>) id 1UYBD4-0003Dj-GF
	for pgsql-www@postgresql.org; Fri, 03 May 2013 08:19:18 +0000
Received: from mail-wi0-x231.google.com ([2a00:1450:400c:c05::231])
	by magus.postgresql.org with esmtp (Exim 4.72)
	(envelope-from <magnus@hagander.net>) id 1UYBCw-0005tB-DO
	for pgsql-www@postgresql.org; Fri, 03 May 2013 08:19:17 +0000
Received: by mail-wi0-f177.google.com with SMTP id hq12so351127wib.10
	for <pgsql-www@postgresql.org>; Fri, 03 May 2013 01:19:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=mime-version:x-received:in-reply-to:references:date:message-id
	:subject:from:to:cc:content-type:x-gm-message-state;
	bh=CWGZgra2pn2/FSrQBAPDhllg2exwIIwbYLeVwPvNh8Y=;
	b=GzhG0QE4fk3SpYJi3Fgt2ycH3PhpWFTgtlbspFxAH0ot/l7Nq8Ts33zzJ8QZz9PBDf
	dmBojVdjdI2PZhPdFegK8DC5a+Ca5ITEkD5YkgN376/xgKsB4MlFviFDLKvVnSnXJZeI
	yFyHqxMKOGn9P8Fd45Z7tfylV7YJOu+tmhvVy5lDrgUJZkGdNWewsPhTV+Bd/qWRCZ7s
	TLgBcptj0MkK/rjLBw2w+WgL1xIlu9qjzhjxF8x3BT94C2d0UDI2/ptAXoxP75YAb8sQ
	J1iRLOFUgqdwQJHDSrMdls1IejhfB7tDVUXQPJwM+s+CI5hQ3JpKv7LOOPsGdfRKhAGT
	E6Ow==
MIME-Version: 1.0
X-Received: by 10.180.21.242 with SMTP id y18mr31307097wie.7.1367569149789;
	Fri, 03 May 2013 01:19:09 -0700 (PDT)
Received: by 10.194.60.37 with HTTP; Fri, 3 May 2013 01:19:09 -0700 (PDT)
In-Reply-To: <20130503004045.GC3374@momjian.us>
References: <5179CD76.6030908@agliodbs.com>
	<CABUevEymuYyyof68ASuDt9GBpFOvF2r0WNyk8JxK1nbGG70Rpw@mail.gmail.com>
	<517A6C78.7000101@xk7.net>
	<CABUevEw0asBAR6jS=aqKBG1OAJmTsMP1FiocCm-cLJfqGEAm_w@mail.gmail.com>
	<517A7144.4070204@xk7.net> <517B729C.4060906@kaltenbrunner.cc>
	<517B7658.9070209@commandprompt.com>
	<517B9613.4090201@kaltenbrunner.cc>
	<20130427140914.GA20361@momjian.us>
	<517BFC61.2070307@commandprompt.com>
	<20130503004045.GC3374@momjian.us>
Date: Fri, 3 May 2013 10:19:09 +0200
Message-ID: 
 <CABUevEzX44DyxsGHnq8L4176FMjBvsjNLL4dXTrOo3ayHBtZ5Q@mail.gmail.com>
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
From: Magnus Hagander <magnus@hagander.net>
To: Bruce Momjian <bruce@momjian.us>
Cc: "Joshua D. Drake" <jd@commandprompt.com>,
	Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>,
	Paul Waring <paul@xk7.net>, PostgreSQL WWW <pgsql-www@postgresql.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: 
 ALoCoQkM3bQ92XyhJv/oNQ1QMsUGwCu8jzKVBd7GmxvtlPYa7eGkVK1LDuq/V0xjBe3LvgmRjkof
X-Pg-Spam-Score: -1.9 (-)
List-Archive: <http://archives.postgresql.org/pgsql-www>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-www.postgresql.org>
List-Owner: <mailto:pgsql-www-owner@postgresql.org>
List-Post: <mailto:pgsql-www@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-www>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-www>
X-Mailing-List: pgsql-www
Precedence: bulk
Sender: pgsql-www-owner@postgresql.org

On Fri, May 3, 2013 at 2:40 AM, Bruce Momjian <bruce@momjian.us> wrote:
> On Sat, Apr 27, 2013 at 09:27:13AM -0700, Joshua D. Drake wrote:
>>
>> On 04/27/2013 07:09 AM, Bruce Momjian wrote:
>> >
>> >On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
>> >>On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>> >>>
>> >>>On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>> >>>
>> >>>>interesting hint - thanks.
>> >>>>
>> >>>>I have now increased the relevant timeouts to 6h - lets see how that
>> >>>>goes..
>> >>>
>> >>>FTR, I don't think we should autologout people or at least it should be
>> >>>set to something like 7D.
>> >>
>> >>well from a security perspective it is usually advisable to keep session
>> >>lifetimes as short as possible, I agree that the current setup was way
>> >>to aggressive, but 6h already results in a 6-15x increase of what we had
>> >>before. We can always adjust upwards if we people are really working 6h+
>> >>on an article but lets see first if this change really fixes the issue
>> >>berkus complained about.
>> >
>> >This is a wiki, not a banking website.  We need to use security that is
>> >appropriate for what we are guarding.  We could just prevent edits and
>> >it would be even more secure.  ;-)
>> >
>> >I would like 7 days, myself.
>> >
>>
>> Yep, I mean really, it is a wiki.
>
> OK, please make it 7 days.  I keep the wiki tab open on my browser and
> having to log in every day is a pain.  Now, if you want me to stop using
> the wiki, I am happy to do that.

Really, Bruce?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


-- 
Sent via pgsql-www mailing list (pgsql-www@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www