During Use

To reduce security risks during use:

• Periodically change the passwords for the default Waveset administrator accounts (Administrator and Configurator).

• Log out of Waveset when not actively using the system.

• Set or know the default timeout period for an Waveset session. Session timeout values may differ, as they can be set independently for each login application.

If your application server is Servlet 2.2-compliant, the Waveset installation process sets the HTTP session timeout to a default value of 30 minutes. You can change this value by editing the property; however, you should set the value lower to increase security. Do not set the value higher than 30 minutes.

To Change the Session Timeout Value

1. Edit the web.xml file, which is located in theidm/WEB-INF directory in your application server directory tree.

2. Change the number value in the following lines:

   <session-config> <session-timeout>30</session-timeout></session-config>