Re: Can we change auto-logout timing on wiki.postgresql.org?

On Sat, Apr 27, 2013 at 09:27:13AM -0700, Joshua D. Drake wrote:
> 
> On 04/27/2013 07:09 AM, Bruce Momjian wrote:
> >
> >On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
> >>On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
> >>>
> >>>On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
> >>>
> >>>>interesting hint - thanks.
> >>>>
> >>>>I have now increased the relevant timeouts to 6h - lets see how that
> >>>>goes..
> >>>
> >>>FTR, I don't think we should autologout people or at least it should be
> >>>set to something like 7D.
> >>
> >>well from a security perspective it is usually advisable to keep session
> >>lifetimes as short as possible, I agree that the current setup was way
> >>to aggressive, but 6h already results in a 6-15x increase of what we had
> >>before. We can always adjust upwards if we people are really working 6h+
> >>on an article but lets see first if this change really fixes the issue
> >>berkus complained about.
> >
> >This is a wiki, not a banking website.  We need to use security that is
> >appropriate for what we are guarding.  We could just prevent edits and
> >it would be even more secure.  ;-)
> >
> >I would like 7 days, myself.
> >
> 
> Yep, I mean really, it is a wiki.

OK, please make it 7 days.  I keep the wiki tab open on my browser and
having to log in every day is a pain.  Now, if you want me to stop using
the wiki, I am happy to do that.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + It's impossible for everything to be true. +