[Cubicweb] Security on CubicWeb
Sylvain Thénault
sylvain.thenault at logilab.fr
Thu Jan 3 15:34:01 CET 2013
On 02 January 15:23, Nicolas Chauvat wrote:
> On Wed, Jan 02, 2013 at 03:00:38PM +0100, Adrien Di Mascio wrote:
> > - DOS: CW doesn't provide any builtin tool to protect you.
>
> If you use postgresql in the back-end, you can start by having a look
> at statement_timeout()
> http://www.postgresql.org/docs/current/static/runtime-config-client.html
>
> We should probably add this as a configuration option to CW, in order
> to have it automatically configure session timeouts depending on the
> user connected.
>
> It could look like this in the configuration file:
>
> anonymous-sql-session-timeout=30s
> authenticated-sql-session-timeout=1min
> admin-sql-session-timeout=0
>
> Should I add a ticket?
Two: one for logilab-database, the other for cw.
--
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Python, Debian, Agile Methods training: http://www.logilab.fr/formations
Custom software development: http://www.logilab.fr/services
CubicWeb, the semantic web framework: http://www.cubicweb.org
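
The per-user-class timeout proposed in the quoted message could be wired to PostgreSQL's statement_timeout setting along these lines. This is an added example, not code from the thread or from CubicWeb: the option names are only the proposal quoted above, every function name is hypothetical, and the cursor is assumed to come from a DB-API driver that uses %s placeholders (psycopg2, for instance).

```python
import re

# Constructed sample using the option names proposed in the thread,
# with the first one spelled 'anonymous'. These are not existing CubicWeb options.
SAMPLE_CONFIG = """\
anonymous-sql-session-timeout=30s
authenticated-sql-session-timeout=1min
admin-sql-session-timeout=0
"""

# Time units PostgreSQL accepts for statement_timeout, in milliseconds.
_UNIT_MS = {"ms": 1, "s": 1000, "min": 60000, "h": 3600000, "d": 86400000}
_DURATION = re.compile(r"^(\d+)\s*(ms|s|min|h|d)?$")
_SUFFIX = "-sql-session-timeout"


def parse_duration_ms(value):
    """Convert '30s', '1min' or '0' to milliseconds (a bare number is ms)."""
    match = _DURATION.match(value.strip())
    if not match:
        raise ValueError("bad duration: %r" % value)
    return int(match.group(1)) * _UNIT_MS[match.group(2) or "ms"]


def load_timeouts(text):
    """Map a user class ('anonymous', 'authenticated', 'admin') to a timeout in ms."""
    timeouts = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        key = key.strip()
        if key.endswith(_SUFFIX):
            timeouts[key[: -len(_SUFFIX)]] = parse_duration_ms(value)
    return timeouts


def timeout_for(user_class, timeouts, default_ms=30000):
    """Unknown classes get the strict default instead of no limit (fail closed)."""
    return timeouts.get(user_class, default_ms)


def apply_timeout(cursor, timeout_ms):
    """Set the limit for the current database session; 0 disables it."""
    # set_config() takes the value as a bound parameter, so no SQL is built by hand.
    cursor.execute(
        "SELECT set_config('statement_timeout', %s, false)", (str(timeout_ms),)
    )
```

The setting lasts for the life of the connection, so with a connection pool apply_timeout has to run each time a connection is handed to a user session; otherwise an anonymous request can inherit the unlimited admin value.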