[cisco-voip] CCM 6.1 CCMAdmin timeout
Justin Shore
justin at justinshore.com
Mon Jun 8 12:26:20 EDT 2009
Bill Simon wrote:
> Does everyone see this as a big deal?
>
> What about standard security practices... not leaving yourself logged in
> for long periods of time... etc.
>
> I don't see the big deal about logging back in after a timeout.
>
> This is kind of like everyone who wants to "fix" SFTP by changing it to
> FTP. It's not a fix, it's a feature request to loosen security.
I would call this a major usability screw up on the developer's part. I
agree with what other people said from previous threads (that I found
via Google). Configuring something complex requires you to spend a fair
bit of time on a single page with no activity. It's not much fun to
discover that the 20m of work you put into something just disappeared
because of an arbitrary timeout that developer came up with.
I'm 100% opposed to arbitrary and capricious timeout values for web apps
chosen by developers under the guise of security. IMHO security for
administrative interfaces should be done on the machine level; not
application level. At the very least the feature should be
configurable. Any time a developer defines a numeric value that affect
a UI without creating a knob to adjust it, then that's a bug IMHO.
Justin
More information about the cisco-voip
mailing list