This is an automated email from the ASF dual-hosted git repository.
ephraimanierobi pushed a commit to branch v2-7-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit a6a837d68f3e25c8573bba63a3810e7f2d7d13be
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Wed Oct 11 17:44:24 2023 -0300
Add session configuration to deployment manager's responsibilities. (#34866)
(cherry picked from commit 27671fa53d00533a7c82ed48a04a2e24f49c644f)
---
docs/apache-airflow/security/security_model.rst | 1 +
1 file changed, 1 insertion(+)
diff --git a/docs/apache-airflow/security/security_model.rst
b/docs/apache-airflow/security/security_model.rst
index 6c9e3da151..4b426ea041 100644
--- a/docs/apache-airflow/security/security_model.rst
+++ b/docs/apache-airflow/security/security_model.rst
@@ -110,6 +110,7 @@ Airflow is deployed. This includes but is not limited to:
* applying authentication and authorization to the web application so that
only known and authorized
users can have access to Airflow
* any kind of detection of unusual activity and protection against it
+* choosing the right session backend and configuring it properly including
timeouts for the session
Airflow does not implement any of those feature natively, and delegates it to
the deployment managers
to deploy all the necessary infrastructure to protect the deployment - as
external infrastructure components.
