[arch-projects] [AUR] Login timout issue (discuss)
Does anyone know the reason why this was implemented? If so, any objections to completely removing it? - tardo
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
Does anyone know the reason why this was implemented? If so, any objections to completely removing it?
I wouldn't completely remove it. I would make the timeout user configurable.
Loui wrote:
On 10/2/07, tardo <tardo@nagi-fanboi.net> wrote:
Does anyone know the reason why this was implemented? If so, any objections to completely removing it?
I wouldn't completely remove it. I would make the timeout user configurable.
Some might want to deploy it user-configurable, but others might want site-wide enforcement of some maximum or minimum. I'll happily merge a patch that lets the user change the timeout within an administrator-specified min and max.. this would allow the admin to restrict to a particular timeout, a particular window, or not restrict at all. - P
That sounds reasonable.
tardo wrote:
Does anyone know the reason why this was implemented? If so, any objections to completely removing it?
Security. If you log in somewhere from a public(ish) terminal, then that terminal is trusted as you forever. Also, you end up with an enormous number of sessions to track. I think making it very long (say, 24 hours) rather than completely removing it is better. - P
participants (3)
-
Loui
-
Paul Mattal
-
tardo