Vulnerability Development mailing list archives
Re: IBM WebSPhere 3.5
From: Erwin Geirnaert <egeirnaert () REFERENCE BE>
Date: Fri, 27 Oct 2000 09:44:45 +0200
Hi Rodrick,

I'm just following the IBM WebSphere Administration course, so I'll try to answer your questions.

> Anyone here know of any known bugs with IBM WebSphere 3.5?

There are 2 little bugs that showed the actual code of your jsp pages. This is when you enable 2 servlets in WebSphere (see SecurityFocus), so don't use jsp (same with ASP for IIS ;-))

> I have noticed that in default installations there is no security when using the administrative console; any user can connect through the admin console without a password.

True, but keep in mind that the connection to the server is not with HTTP but with IIOP on port 900, so this has to be blocked on the firewall! You can enable security on the server by selecting Configuration - Security - Global settings and selecting "Enable security". This will have a huge performance impact, so keep in mind that restarting the Admin service will take a lot of time!

> I've also noticed that OS-level security can only work if you're running WebSphere as root, and from what I have diagnosed this is what most people are doing. When trying to configure WebSphere to run as non-root it seems to only work with LDAP, which isn't feasible in most small->medium size environments.

We are running the server on NT, so we created an additional user for this purpose. What do you mean with the LDAP? This is for security configuration of users and not for the actual configuration of WebSphere. This actual configuration happens in a database that is dependent on your version:

WebSphere Standard Edition -> Instant DB
WebSphere Advanced & Enterprise Edition -> DB2

Always install the latest fixpack for your version; for 3.5 Fixpack 2 is out, but you also have to install the fixpack for DB2. Check www.ibm.com

Hope this helps.

Erwin