[Cubicweb] Security on CubicWeb

Nicolas Chauvat nicolas.chauvat at logilab.fr
Thu Jan 3 18:19:52 CET 2013


On Thu, Jan 03, 2013 at 03:34:01PM +0100, Sylvain Thénault wrote:
> On 02 January 15:23, Nicolas Chauvat wrote:
> > On Wed, Jan 02, 2013 at 03:00:38PM +0100, Adrien Di Mascio wrote:
> > > - DOS: CW doesn't provide any builtin tool to protect you.
> > 
> > If you use postgresql in the back-end, you can start by having a look
> > at statement_timeout()
> > http://www.postgresql.org/docs/current/static/runtime-config-client.html
> > 
> > We should probably add this as a configuration option to CW, in order
> > to have it automatically configure session timeouts depending on the
> > user connected.
> > 
> > It could look like this in the configuration file:
> > 
> >   anonymous-sql-session-timeout=30s
> >   authenticated-sql-session-timeout=1min
> >   admin-sql-session-timeout=0
> > 
> > Should I add a ticket?
> 
> two: one for logilab-database, the other for cw.

http://www.logilab.org/ticket/115266
http://www.cubicweb.org/ticket/2547026

Done.

-- 
Nicolas Chauvat

logilab.fr - scientific computing and knowledge management services
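
An added example, not part of the original message or of CubicWeb's code: one way the per-user timeouts proposed in the quoted configuration could be mapped to PostgreSQL's `statement_timeout` setting for a session. The group names `managers` and `users`, the function names, and the fall-back to the anonymous tier are assumptions; a bare integer is read as milliseconds and `0` disables the timeout, as in PostgreSQL.

```python
import re

# Units PostgreSQL accepts for statement_timeout; a bare integer means milliseconds.
_UNIT_MS = {"ms": 1, "s": 1000, "min": 60_000, "h": 3_600_000, "d": 86_400_000}

ANON_KEY = "anonymous-sql-session-timeout"

# Constructed sample configuration using the option names proposed in the thread.
SAMPLE_CONFIG = {
    ANON_KEY: "30s",
    "authenticated-sql-session-timeout": "1min",
    "admin-sql-session-timeout": "0",
}


def parse_timeout_ms(value):
    """Convert '30s', '1min', '500' or '0' to milliseconds (0 = no timeout)."""
    match = re.fullmatch(r"\s*(\d+)\s*(ms|s|min|h|d)?\s*", value)
    if match is None:
        raise ValueError("invalid timeout value: %r" % value)
    return int(match.group(1)) * _UNIT_MS[match.group(2) or "ms"]


def timeout_for(config, groups):
    """Pick the timeout tier from the user's groups (group names are assumptions)."""
    if "managers" in groups:
        key = "admin-sql-session-timeout"
    elif "users" in groups:
        key = "authenticated-sql-session-timeout"
    else:
        key = ANON_KEY  # unknown or missing groups get the strictest tier
    # A tier missing from the configuration falls back to the anonymous limit
    # rather than to "no limit".
    return parse_timeout_ms(config.get(key, config[ANON_KEY]))


def apply_statement_timeout(cursor, config, groups):
    """Issue SET statement_timeout on a DB-API cursor for the current session."""
    timeout_ms = timeout_for(config, groups)
    # timeout_ms is an int produced by parse_timeout_ms, never raw user input.
    cursor.execute("SET statement_timeout = %d" % timeout_ms)
    return timeout_ms
```

With a pooled connection the setting persists for the session, so it has to be applied again whenever the connection is handed to a different user.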