Brian Utterback wrote: > And your point is? > > I mean, of course. Are you asserting that this change is to avoid forum > spam and site defacement? I thought you said it was to protect source code?
It's primarily a security issue. But it will make it easier to knock spammers out of the loop as well. So the answer is 'both'. > > I've said that expecting people to have to log in once a day is > > not unreasonable, and I've seen no firm evidence to the contrary. > > What kind of evidence would be sufficient for you? Do you need medical > records showing muscle damage from logging in so many times in a week? > You are stating an opinion about what is reasonable, others have > disagreed. You are unconvinced and apparently plan to go ahead with the > change despite the opposition. Others have then gotten miffed that you > are ignoring their opinions and you have gotten miffed that they are > miffed at you. Great progress there. That's incorrect, I have listened to the feedback I've been given. Dan and others quite reasonably pointed out that the initial proposal was too draconian as it would mean people logging in multiple times during a working day. Asking people to log in once on the days when they want to edit pages on the site doesn't seem unreasonable - or are you really asserting that logging in once a day is a risk to people's health? > Turn this around. Several people have stated that a longer session > timeout is not unreasonable and you have not offered firm evidence to > the contrary. I've already explained that I'm balancing security against usability. I've spoken to the Sun security people, and followed their lead in adopting an 8 hour inactivity logout. Actually, I'm being a little more lenient then them as they have a mandatory logout after 24 hours. Following their lead is an entirely reasonable and diligent approach, and that's what I am doing. -- Alan Burlison -- _______________________________________________ website-discuss mailing list [email protected]
