authorMark Sapiro <msapiro@value.net>2012-02-05 13:19:39 -0800
committerMark Sapiro <msapiro@value.net>2012-02-05 13:19:39 -0800
commitfdd6141b978cdc0876263d962f996eb88964537b (patch)
tree6836790556e26d896b791946fc60df5d0f88ab8a /Mailman/Defaults.py.in
parent3c1fe7bcb3c10650cd039c800aa1356886586873 (diff)
Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.
Diffstat (limited to '')
-rw-r--r--Mailman/Defaults.py.in5
1 files changed, 4 insertions, 1 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 14321e99..9aebaea2 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1,6 +1,6 @@
# -*- python -*-
-# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2012 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -108,6 +108,9 @@ ALLOW_SITE_ADMIN_COOKIES = No
# expire that many seconds following their last use.
AUTHENTICATION_COOKIE_LIFETIME = 0
+# Form lifetime is set against Cross Site Request Forgery.
+FORM_LIFETIME = hours(1)
+
# Command that is used to convert text/html parts into plain text. This
# should output results to standard output. %(filename)s will contain the
# name of the temporary file that the program should operate on.
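Review bot: The comment added above `FORM_LIFETIME` says only that the value "is set against Cross Site Request Forgery", which does not tell a site administrator what the setting bounds, in what unit, or what happens when it elapses. The code that consumes it is not in this diff, so the wording should be confirmed against it, but something like `# Lifetime, in seconds, of the anti-CSRF token embedded in admin forms; a form submitted after this interval is rejected and must be reloaded.` would make the setting usable. The neighbouring `AUTHENTICATION_COOKIE_LIFETIME` comment documents what a zero value means, and the new comment should likewise say whether `0` is accepted and, if so, whether it disables expiry or the check. A short remark on the trade-off would also help anyone overriding the default in `mm_cfg.py`: a longer lifetime widens the window in which a leaked token can be reused, while a shorter one causes slow edits of long admin pages to fail on submit.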