This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-7-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 9872d397a173d85622c380207740e416674e45b0 Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Wed Oct 11 17:44:24 2023 -0300 Add session configuration to deployment manager's responsibilities. (#34866) (cherry picked from commit 27671fa53d00533a7c82ed48a04a2e24f49c644f) --- docs/apache-airflow/security/security_model.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/apache-airflow/security/security_model.rst b/docs/apache-airflow/security/security_model.rst index 6c9e3da151..4b426ea041 100644 --- a/docs/apache-airflow/security/security_model.rst +++ b/docs/apache-airflow/security/security_model.rst @@ -110,6 +110,7 @@ Airflow is deployed. This includes but is not limited to: * applying authentication and authorization to the web application so that only known and authorized users can have access to Airflow * any kind of detection of unusual activity and protection against it +* choosing the right session backend and configuring it properly including timeouts for the session Airflow does not implement any of those feature natively, and delegates it to the deployment managers to deploy all the necessary infrastructure to protect the deployment - as external infrastructure components.