× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. March 2002

RE: HTTP-server, Websphere, security



Hi Erik,

I checked the websphere security-settings, the default-userid's profile, and
they are the same on both machines. But I think, that the problem is not at the
level of the default-userid's. In fact, first, the user should be authenticated,
and only after this is successfully accomplished, the user should adopt the
rights of the default user. I have the problem, that the authentication which is
defined in the HTTP-server, is bypassed by some means on the production machine.

Maybe, someone has an idea.

Marc N.






Erik Mitsch <baron@baron-inc.net> on 20/03/2002 17:12:59

Please respond to java400-l@midrange.com

To:   java400-l@midrange.com
cc:    (bcc: Marc Nothum/EPT)

Subject:  RE: HTTP-server, Websphere, security




Hey Marc,

> But on the production machine you can access the pages without entering a
> password. Apearently, the setting on both machines are the same.
> As I understand the documentations, the Websphere also has security
> settings, but we don't use them.

You'll definately want to take a look at those Websphere security settings,
and also the security settings for the WAS Default User on the production
machine.  As I understand it (which could be flawed), both the HTTP Server
and WAS have a default "user" (QHTTPSRV or something?), which allow the user
to view the files defined as accessable to the public.  However, if these
settings are flawed in any way, it could allow a user greater access, which
would explain why one can get in without a password.

That's what it appears at first blush to me, at least.  Hope it helps!

- Erik
http://www.baron-inc.net


_______________________________________________
This is the Java Programming on and around the iSeries / AS400 (JAVA400-L)
mailing list
To post a message email: JAVA400-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/java400-l
or email: JAVA400-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.