tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-29 07:59:31 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #9547 from jakxnz/pulls/4/mention-session-timeout-in-security-docs

Browse Source 
Added mention of Session.timeout to secure_coding docs
This commit is contained in:
Robbie Averill 2020-06-12 09:30:26 -07:00 committed by GitHub
commit 213e97f7b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
View File

@ -617,6 +617,7 @@ In addition, you can tighten password security with the following configuration
the user is blocked from further attempts for the timespan defined in `$lock_out_delay_mins`
* `Member.lock_out_delay_mins`: Minutes of enforced lockout after incorrect password attempts. Only applies if `lock_out_after_incorrect_logins` is greater than 0.
* `Security.remember_username`: Set to false to disable autocomplete on login form
* `Session.timeout`: Set timeout to attenuate the risk of active sessions being exploited
## Clickjacking: Prevent iframe Inclusion