Thanks Dude for your response, I have set up our idle time out inactivity configuration a little bit higher than that but it is our general time out that I also would like to know what more people are using as security best practice, this is where for example our external users have up to 2 hours to view or submit web forms and then our system would challenge them to re-authenticate.
Any more feedback would be greatly appreciated. oc -----Original Message----- From: The Dude [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 05, 2002 11:11 AM To: [EMAIL PROTECTED]; Orlando J. Cano Subject: RE: Timeout -Inactivity I build a lot of web-based apps for compaq and their time out requirements are 15 min. > Timeout -InactivityDate: Thu, 3 Jan 2002 14:01:03 -0800 > "Orlando J. Cano" <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> >I was wondering what everyone else is using as timeouts for the >following configurations: > >Internal systems? >Web based applications? >Is the timeout configuration different between your external customers >and internal users? > >Could I get any feedback on this issue? > >Thanks > > >Orlando Cano >Enterprise Security Analyst >[EMAIL PROTECTED] ------------------------------------------------------------ Powered by the Coruscant Holonet at http://www.echostation.com