[cisco-voip] CCM 6.1 CCMAdmin timeout

Justin Shore justin at justinshore.com
Mon Jun 8 12:26:20 EDT 2009


Bill Simon wrote:
> Does everyone see this as a big deal?
> 
> What about standard security practices... not leaving yourself logged in 
> for long periods of time... etc.
> 
> I don't see the big deal about logging back in after a timeout.
> 
> This is kind of like everyone who wants to "fix" SFTP by changing it to 
> FTP.  It's not a fix, it's a feature request to loosen security.

I would call this a major usability screw up on the developer's part.  I 
agree with what other people said from previous threads (that I found 
via Google).  Configuring something complex requires you to spend a fair 
bit of time on a single page with no activity.  It's not much fun to 
discover that the 20m of work you put into something just disappeared 
because of an arbitrary timeout that developer came up with.

I'm 100% opposed to arbitrary and capricious timeout values for web apps 
chosen by developers under the guise of security.  IMHO security for 
administrative interfaces should be done on the machine level; not 
application level.  At the very least the feature should be 
configurable.  Any time a developer defines a numeric value that affect 
a UI without creating a knob to adjust it, then that's a bug IMHO.

Justin


More information about the cisco-voip mailing list