Vulnerability Development mailing list archives

Re: IBM WebSphere 3.5


From: Erwin Geirnaert <egeirnaert () REFERENCE BE>
Date: Fri, 27 Oct 2000 09:44:45 +0200

Hi Rodrick

I'm just following the IBM WebSphere Administration course, so I'll try to
answer your questions.

Anyone here know of any known bugs with IBM WebSphere 3.5?

There are 2 little bugs that showed the actual code of your JSP pages. This
is when you enable 2 servlets in WebSphere (see SecurityFocus), so don't use
JSP (same with ASP for IIS ;-))

I have noticed that in default installations there is no security when using
the administrative console; any user can connect through the admin console
without a password.

True, but keep in mind that the connection to the server is not with HTTP
but with IIOP on port 900, so this has to be blocked on the firewall!
You can enable security on the server by selecting Configuration - Security
- Global settings and selecting "Enable security". This will have a huge
performance impact, so keep in mind that restarting the Admin service
will take a lot of time!

I've also noticed that OS level security can only work if you're running
WebSphere as root, and from what I have diagnosed this is what most people
are doing. When trying to configure WebSphere to run as non-root it seems
to only work with LDAP, which isn't feasible in most small->medium size
environments.

We are running the server on NT, so we created an additional user for this
purpose.
What do you mean by the LDAP? This is for security configuration of users
and not for the actual configuration of WebSphere.
The actual configuration is stored in a database that depends on your
version:
WebSphere Standard Edition -> Instant DB
WebSphere Advanced & Enterprise Edition -> DB2

Always install the latest fixpack for your version. For 3.5, Fixpack 2 is
out, but you also have to install the fixpack for DB2. Check www.ibm.com.

Hope this helps.

Erwin

