 | WebSphere / DataPower SSL interoperability |
Use case: a DataPower XI52 Web Services Proxy acting as the web services provider endpoint (HTTPS); the web services client was running on WebSphere AppServer 7.0.
We kept getting javax.net.ssl.SSLKeyException after we switched to using SSL on DataPower. It turns out that the IBM JDK does not like SSL that uses a large key size (4096 bits) on the DataPower side. See this link for some more details.
The solution is to use the unrestricted JCE policy files (downloaded from here), or go back to 1024 bits.
This one took me a couple of days to figure out. So, I figured you may find it useful too.
Posted by billylo on Sunday, June 03 @ 10:44:07 EDT (1264 reads)

 | DMZ Proxy Server that comes with WebSphere AppServer |
One of the little-known features in WAS 6.0 and above is the WebSphere Proxy Server that comes with WAS. In fact, there are three different types of proxy: WebSphere Proxy Server, DMZ Secured Proxy and Edge Component Caching Proxy (in addition to the HTTP server plug-in, which is another kind of proxy).
This article describes the details of the first type (WebSphere Proxy Server). If you are curious about how WebSphere Proxy Server differs from the HTTP server plug-in, check out this comparison.
WebSphere Proxy Server is basically a caching reverse proxy that understands the WAS topology, interacts with Dmgr and can cache dynamic content (e.g. servlet outputs) as well as static content. It can be managed from the WAS admin console and JMX.
Posted by billylo on Monday, March 12 @ 05:22:50 EDT (3243 reads)

 | WebSphere: Denial of Service issue - Important Fix |
If you are running WAS 7.0.0.13 or earlier (especially for an external-facing web site) or 6.1.0.35 or earlier, this fix is an important one. It corrects a floating point conversion bug in the JDK that causes the server to hang or freeze.
Since this is a JDK issue, other Java-based products (such as WebSphere Portal Server, WebSphere ESB or WebSphere Process Server) would be affected as well.
Posted by billylo on Monday, March 14 @ 11:43:34 EDT (1851 reads)

 | Security news: Potential bypass of J2EE web constraints by using non-standard HT |
If your application relies on J2EE constraints to enforce access control for JSPs, I'd encourage you to review this IBM technote and apply the fix. This problem exists in 6.0, 6.1 and 7.0.
Posted by billylo on Thursday, August 13 @ 10:16:42 EDT (1199 reads)

 | Potential security exposure and fixes for WAS 5.1, 6.0 and 6.1 (up to 6.1.0 |
 For full details, see IBM support flash here...
Potential Exposure when using logoutExitPage Feature in IBM WebSphere Application Server

Versions affected: IBM® WebSphere® Application Server V5.0, V5.1 through 5.1.1.19, V6.0 through 6.0.2.29, V6.1 through 6.1.0.21. This does not occur on V6.0.2.33 or later, V6.1.0.23 or later, or V7.

Problem Description: Customers who leverage the logoutExitPage feature have a potential exposure that allows for a possible redirection to an undesired hostname or website.
Posted by billylo on Wednesday, January 14 @ 10:25:32 EST (1212 reads)
 | WebSphere and Windows Single Sign On |
You can set up WebSphere to connect to Windows Active Directory to achieve Single Sign On. Martin's article covers that in detail.
Posted by billylo on Thursday, September 25 @ 08:41:19 EDT (3029 reads)

 | Did you know you can turn off Global Security for a server in a secured cell? |
You can follow these steps to turn off Global Security for a server in a secured cell.
Posted by billylo on Friday, September 19 @ 10:58:10 EDT (2881 reads)

 | Security fix to prevent WAS admin (Monitor role) to be able to view any files |
This affects WAS 6.0.x and 6.1.x. A WAS admin with the "Monitor" role can view any file that the WAS process has access to. If you run WebSphere as root, that would mean all files on the server.
A fix is provided by IBM.
Posted by billylo on Tuesday, June 10 @ 08:30:08 EDT (2072 reads)

 | WebSphere and SPNEGO article updated |
WebSphere can be used with Microsoft Active Directory to achieve single sign-on (using SPNEGO and Kerberos). Rob Pereen has updated his article on this. Rob provides a step-by-step guide to get it working. Very useful.
Posted by billylo on Friday, June 06 @ 09:14:49 EDT (2665 reads)

 | Security Advisory for WAS 6.1 |
A new security advisory on WAS 6.1. Problem with admin scripting and sensitive information in log files. Fixes included in 6.1.0.15.
Posted by billylo on Sunday, March 16 @ 04:06:21 EDT (1504 reads)

 | Want to learn about the LTPA security token concept in WAS6? |
There is a webcast coming up on Feb 26 on this by Katherine Reichard. Check it out if you need to deal with WebSphere security and single sign on solutions.
Posted by billylo on Tuesday, February 19 @ 08:39:29 EST (3162 reads)