You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2019/12/27 10:10:58 UTC
[GitHub] [airflow] potiuk edited a comment on issue #6912: [AIRFLOW-6352]
security - ui - add login timeout
potiuk edited a comment on issue #6912: [AIRFLOW-6352] security - ui - add login timeout
URL: https://github.com/apache/airflow/pull/6912#issuecomment-569238068
This change introduces a new behaviour (logout after 60 minutes). While it is good for security reasons (obviously) the UI of Airflow has a little bit different use patterns/characteristics than typical user-facing apps.
It's mostly internal use, with very small number of users, it's already behind a VPN and I guess often witht some kind of client certificates being verified by web seervers. I can imagine in those cases prolonged session persistency might be important feature for users using Apache Airflow. In many cases UI of Airflow can be used in a fashion similar to "operational dashboard" rather than the typical case of "login/do something/logout".
Since we have no auto-refresh yet, using Airflow as dashboard with 60 minutes logout session would not be super user-friendly.
I'd love to hear what others think about it, but I believe at the very least UPDATING.md should mention that new behaviour if we agree this is a good thing to introduce 60 minutes (or another period) timeout.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services