Re: Can we change auto-logout timing on wiki.postgresql.org?

On Sat, Apr 27, 2013 at 09:27:13AM -0700, Joshua D. Drake wrote:
>
> On 04/27/2013 07:09 AM, Bruce Momjian wrote:
> >
> >On Sat, Apr 27, 2013 at 11:10:43AM +0200, Stefan Kaltenbrunner wrote:
> >>On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
> >>>
> >>>On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
> >>>
> >>>>interesting hint - thanks.
> >>>>
> >>>>I have now increased the relevant timeouts to 6h - lets see how that
> >>>>goes..
> >>>
> >>>FTR, I don't think we should autologout people or at least it should be
> >>>set to something like 7D.
> >>
> >>well from a security perspective it is usually advisable to keep session
> >>lifetimes as short as possible, I agree that the current setup was way
> >>to aggressive, but 6h already results in a 6-15x increase of what we had
> >>before. We can always adjust upwards if we people are really working 6h+
> >>on an article but lets see first if this change really fixes the issue
> >>berkus complained about.
> >
> >This is a wiki, not a banking website. We need to use security that is
> >appropriate for what we are guarding. We could just prevent edits and
> >it would be even more secure. ;-)
> >
> >I would like 7 days, myself.
> >
>
> Yep, I mean really, it is a wiki.

OK, please make it 7 days. I keep the wiki tab open on my browser and
having to log in every day is a pain. Now, if you want me to stop using
the wiki, I am happy to do that.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +