Unformatted text preview: lookup. Such operations are expensive in terms of performance. Moreover, this type of tuning needs to take into consideration the following facts: • In a non-secure environment, such as users accessing your application from the Internet, increasing the authentication cache timeout may allow a potential hacker from stealing an authentication token and give the hacker enough time to penetrate the system before the token expiration. This should not be the case if your application is accessed only within your intranet. • A short period for the timeout will affect performance in that the system would have to request the desired information from back-end and support systems more often...
View Full Document
- Spring '12
- security information, authentication cache timeout