Re: Can we change auto-logout timing on wiki.postgresql.org?

On Sat, Apr 27, 2013 at 4:09 PM, Bruce Momjian <bruce@momjian.us> wrote:
> On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
>> On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>> >
>> > On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>> >
>> >> interesting hint - thanks.
>> >>
>> >> I have now increased the relevant timeouts to 6h - lets see how that
>> >> goes..
>> >
>> > FTR, I don't think we should autologout people or at least it should be
>> > set to something like 7D.
>>
>> well from a security perspective it is usually advisable to keep session
>> lifetimes as short as possible, I agree that the current setup was way
>> to aggressive, but 6h already results in a 6-15x increase of what we had
>> before. We can always adjust upwards if we people are really working 6h+
>> on an article but lets see first if this change really fixes the issue
>> berkus complained about.
>
> This is a wiki, not a banking website.  We need to use security that is
> appropriate for what we are guarding.  We could just prevent edits and
> it would be even more secure.  ;-)
>
> I would like 7 days, myself.

Note that this is not 7 days since you logged in. It's 7 days since
you last did something. And as long as you don't stop working, you
never get logged out ;)


--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/