diff options
author | Mark Sapiro <msapiro@value.net> | 2012-02-05 13:19:39 -0800 |
---|---|---|
committer | Mark Sapiro <msapiro@value.net> | 2012-02-05 13:19:39 -0800 |
commit | fdd6141b978cdc0876263d962f996eb88964537b (patch) | |
tree | 6836790556e26d896b791946fc60df5d0f88ab8a /Mailman/Defaults.py.in | |
parent | 3c1fe7bcb3c10650cd039c800aa1356886586873 (diff) | |
download | mailman2-fdd6141b978cdc0876263d962f996eb88964537b.tar.gz mailman2-fdd6141b978cdc0876263d962f996eb88964537b.tar.xz mailman2-fdd6141b978cdc0876263d962f996eb88964537b.zip |
Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI.
Diffstat (limited to 'Mailman/Defaults.py.in')
-rw-r--r-- | Mailman/Defaults.py.in | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index 14321e99..9aebaea2 100644 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -1,6 +1,6 @@ # -*- python -*- -# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2012 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -108,6 +108,9 @@ ALLOW_SITE_ADMIN_COOKIES = No # expire that many seconds following their last use. AUTHENTICATION_COOKIE_LIFETIME = 0 +# Form lifetime is set against Cross Site Request Forgery. +FORM_LIFETIME = hours(1) + # Command that is used to convert text/html parts into plain text. This # should output results to standard output. %(filename)s will contain the # name of the temporary file that the program should operate on. |