Welcome to WebSphere-World!

WebSphere-World: Security


 SAML support for WebSphere Web Services is here!

WAS 7.0.0.7 fixpack has support for SAML token now. See Henry Chung's post for more details...

Posted by billylo on Sunday, November 22 @ 10:41:01 EST (751 reads)

 Security news: Potential bypass of J2EE web constraints by using non-standard HT

If your application relies on J2EE constraints to enforce access control for JSPs, I'd encourage you to review this IBM technote and apply the fix. This problem exists in 6.0, 6.1 and 7.0.

Posted by billylo on Thursday, August 13 @ 10:16:42 EDT (842 reads)

 Potential security exposure and fixes for WAS 5.1, 6.0 and 6.1 (up to 6.1.0

For full details, see IBM support flash here...

Potential Exposure when using logoutExitPage Feature in IBM WebSphere Application Server
 

Content
Versions affected:
IBM® WebSphere® Application Server V5.0, V5.1 through 5.1.1.19, V6.0 through 6.0.2.29, V6.1 through 6.1.0.21.

This does not occur on V6.0.2.33 or later, V6.1.0.23 or later, or V7.

Problem Description:
Customers who leverage the logoutExitPage feature have a potential exposure that allows for a possible redirection to an undesired hostname or website.

Posted by billylo on Wednesday, January 14 @ 10:25:32 EST (846 reads)

 WebSphere and Windows Single Sign On

You can set up WebSphere to connect to Windows Active Directory to achieve Single Sign On. Martin's article covers that in detail.

Posted by billylo on Thursday, September 25 @ 08:41:19 EDT (1635 reads)

 Did you know you can turn off Global Security for a server in a secured cell?

You can follow these steps to turn off Global Security for a server in a secured cell.

Posted by billylo on Friday, September 19 @ 10:58:10 EDT (1524 reads)

 Snort your way to more secure websites

jmalasko writes "

Enter Snort, a free and open source Network Intrusion Prevention System and Network Intrusion Detection System tool for managing and preventing intrusions to your Web sites, applications, and Internet-enabled programs. Learn how Snort can protect your sites, as well as analyze what's really going on with your networks.

"

Posted by billylo on Tuesday, June 10 @ 08:34:50 EDT (1365 reads)

 Security fix to prevent WAS admin (Monitor role) to be able to view any files

This affects WAS 6.0.x and 6.1.x. WAS Admin with "Monitor" role can view any files that the WAS process has access to. If you run WebSphere as root, that would mean all files on the server.

A fix is provided by IBM.

Posted by billylo on Tuesday, June 10 @ 08:30:08 EDT (1182 reads)

 WebSphere and SPNEGO article updated

WebSphere can be used with Microsoft Active Directory to achieve single signon (using SPNEGO, Kerberos). Rob Pereen has updated his article on this. Rob provides a step-by-step guide to get it working. Very useful.

Posted by billylo on Friday, June 06 @ 09:14:49 EDT (1529 reads)

 Stop hackers from launching cross-site scripting attacks

Anonymous writes "

Cross-site scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into Web applications. Learn how hackers launch an attack, what damage it does, how to detect them, and how to prevent your Web site and your visitors from these invasions of privacy.

"

Posted by billylo on Wednesday, April 09 @ 08:42:15 EDT (1192 reads)

 Security Advisory for WAS 6.1

A new security advisory on WAS 6.1. Problem with admin scripting and sensitive information in log files. Fixes included in 6.1.0.15.

Posted by billylo on Sunday, March 16 @ 04:06:21 EDT (1182 reads)

 SPNEGO Programming Techdoc Published

robobob writes "As a follow-up to the techdoc "WebSphere with a side of SPNEGO", which describes how to use SPNEGO for SSO authentication in a WAS environment, there is now a new SPNEGO programming techdoc, which shows you how to leverage SPNEGO for SSO in your own J2EE and .NET web services client applications.


Making use of SPNEGO in your J2EE and .NET client applications:
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101215

WebSphere with a side of SPNEGO:
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101065
"

Posted by billylo on Friday, February 29 @ 10:26:13 EST (1767 reads)

 Want to learn about the concept LTPA security token in WAS6?

There is a webcast coming up on Feb 26 on this by Katherine Reichard. Check it out if you need to deal with WebSphere security and single sign on solutions.

Posted by billylo on Tuesday, February 19 @ 08:39:29 EST (1952 reads)

 Security related fix: Avoid using ServeServletByClassName

If you are using this feature in WAS 6.x, check out this note from IBM. A potential exposure there.

Posted by billylo on Monday, January 21 @ 09:05:24 EST (1662 reads)

 Trouble with setting up SSL and WebSphere

This WebCast on SSL setup (Jan 22, 23, 24) takes you through the details of keyfiles and certificates. You can also ask questions.

Posted by billylo on Monday, January 07 @ 09:14:26 EST (1610 reads)

 Important fix for potential security issue

IMPORTANT: If you are not on the most current WebSphere versions (6.0.2.21 or 6.1.0.9), you have a potential security exposure where one might be able to see another's response data (on web page) in certain scenarios (PK41446, PK42875 and PK46618). See details here.

This affects most WebSphere 6.x users.

Posted by billylo on Wednesday, July 25 @ 07:56:37 EDT (1481 reads)



WebSphere is a registered trademark of International Business Machines Corporation in the United States or other countries or both.
Please note that this site is a user-driven community site. It is not operated by IBM. Information is provided on an as-is basis and it may or may not be supported by IBM.
