On 04/27/2013 07:09 AM, Bruce Momjian wrote:
>
> On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
>> On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>>>
>>> On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>>>
>>>> interesting hint - thanks.
>>>>
>>>> I have now increased the relevant timeouts to 6h - lets see how that
>>>> goes..
>>>
>>> FTR, I don't think we should autologout people or at least it should be
>>> set to something like 7D.
>>
>> well from a security perspective it is usually advisable to keep session
>> lifetimes as short as possible, I agree that the current setup was way
>> to aggressive, but 6h already results in a 6-15x increase of what we had
>> before. We can always adjust upwards if we people are really working 6h+
>> on an article but lets see first if this change really fixes the issue
>> berkus complained about.
>
> This is a wiki, not a banking website. We need to use security that is
> appropriate for what we are guarding. We could just prevent edits and
> it would be even more secure. ;-)
>
> I would like 7 days, myself.
>
Yep, I mean really, it is a wiki.
JD
--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC
@cmdpromptinc - 509-416-6579
