This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-7-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit a6a837d68f3e25c8573bba63a3810e7f2d7d13be Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Wed Oct 11 17:44:24 2023 -0300 Add session configuration to deployment manager's responsibilities. (#34866) (cherry picked from commit 27671fa53d00533a7c82ed48a04a2e24f49c644f) --- docs/apache-airflow/security/security_model.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst index 6c9e3da151..4b426ea041 100644 --- a/docs/apache-airflow/security/security_model.rst +++ b/docs/apache-airflow/security/security_model.rst @@ -110,6 +110,7 @@ Airflow is deployed. This includes but is not limited to: * applying authentication and authorization to the web application so that only known and authorized users can have access to Airflow * any kind of detection of unusual activity and protection against it +* choosing the right session backend and configuring it properly including timeouts for the session Airflow does not implement any of those feature natively, and delegates it to the deployment managers to deploy all the necessary infrastructure to protect the deployment - as external infrastructure components.