[Cubicweb] Security on CubicWeb

Sylvain Thénault sylvain.thenault at logilab.fr
Thu Jan 3 15:34:01 CET 2013


On 02 January 15:23, Nicolas Chauvat wrote:
> On Wed, Jan 02, 2013 at 03:00:38PM +0100, Adrien Di Mascio wrote:
> > - DOS: CW doesn't provide any builtin tool to protect you.
> 
> If you use postgresql in the back-end, you can start by having a look
> at statement_timeout()
> http://www.postgresql.org/docs/current/static/runtime-config-client.html
> 
> We should probably add this as a configuration option to CW, in order
> to have it automatically configure session timeouts depending on the
> user connected.
> 
> It could look like this in the configuration file:
> 
>   anonymous-sql-session-timeout=30s
>   authenticated-sql-session-timeout=1min
>   admin-sql-session-timeout=0
> 
> Should I add a ticket?

two: one for logilab-database, the other for cw.

-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Training in Python, Debian, Agile methods: http://www.logilab.fr/formations
Custom software development:               http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org
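
An added example, not part of the original thread or of CubicWeb: one way the per-user-class options proposed in the quoted message could be turned into a PostgreSQL `statement_timeout` setting when a session is opened. The option names follow that proposal (with "anonymous" spelled out) and are hypothetical, as are the function names, the class priority order and the fallback to the strictest limit for unknown classes.

```python
import re

# Constructed sample: the three option lines proposed in the message
# (first key spelled "anonymous"; these are not real CubicWeb options).
SAMPLE_CONFIG = """\
anonymous-sql-session-timeout=30s
authenticated-sql-session-timeout=1min
admin-sql-session-timeout=0
"""

# Subset of PostgreSQL time units, converted to milliseconds.
UNIT_MS = {"ms": 1, "s": 1000, "min": 60_000, "h": 3_600_000}
# Most privileged class first: a user in several classes gets that one.
PRIORITY = ("admin", "authenticated", "anonymous")
SUFFIX = "-sql-session-timeout"


def parse_duration_ms(text):
    """Convert '30s', '1min' or '0' to milliseconds; 0 means no limit."""
    m = re.fullmatch(r"(\d+)\s*(ms|s|min|h)?", text.strip())
    if m is None:
        raise ValueError(f"bad duration: {text!r}")
    # A bare number is milliseconds, as PostgreSQL treats statement_timeout.
    return int(m.group(1)) * UNIT_MS[m.group(2) or "ms"]


def load_timeouts(config_text):
    """Parse 'CLASS-sql-session-timeout=VALUE' lines into {class: ms}."""
    timeouts = {}
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.endswith(SUFFIX):
            timeouts[key[: -len(SUFFIX)]] = parse_duration_ms(value)
    return timeouts


def timeout_statement(user_classes, timeouts):
    """Return the SET statement to run when a session is opened."""
    for cls in PRIORITY:
        if cls in user_classes and cls in timeouts:
            ms = timeouts[cls]
            break
    else:
        # Unknown class: fall back to the strictest non-zero limit.
        limits = [v for v in timeouts.values() if v > 0]
        if not limits:
            raise ValueError("no finite timeout configured")
        ms = min(limits)
    return f"SET statement_timeout = {ms}"
```

The returned statement contains only a validated integer, so nothing from the configuration file reaches the SQL text unparsed.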


