Simon Phipps wrote: >> You have a single log in to the site, the same credentials are used >> for both editing web pages and managing access to source code. > > Right. And I only want one log-in. What I'm suggesting is that you don't > age the credentials uniformly across the site. Rather, I am suggesting > that you age them aggressively in areas where the leverage gained by > abuse is strong (e.g. changing SSH keys) and age them very casually > elsewhere. I once again assert that it's a bad choice to burden every > interaction simply to protect a very small minority of interactions.
That's difficult to implement and will be confusing for users. We won't therefore be doing that. -- Alan Burlison -- _______________________________________________ website-discuss mailing list [email protected]
