Re: "Exploit"... Reply #15 – May 11, 2013, 10:46:04 pm ok, thank you all...two more ideas to discuss (a good german beer is sometimes a great inspration )- remove the checkbox "Disable administration security" from the gui and make it a hidden db setting? It shouldn't be that easy to bypass a critical security related setting.- make the admin session lifetime configurable via setting and allow values between 5 minutes and 1 hour (current refresh time is 3600) I'd personally prefer a shorter refresh time. (10 minutes?) Except from the maintenance tasks you'd normally need just some minutes to finish the admin task.