Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS Guide de l'utilisateur Page 82
- Page / 328
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 2: Security Measures
2-16
Security Measures for the J2EE Resource Access
Definition
This section explains the following topic:
• Leakage of Password Information
Leakage of Password Information
The J2EE resource access definition can hold definitions of access information for various resources
used by J2EE applications. This access definition information is saved in a file, which includes
password information. There is a possible threat that an ill-intentioned person may furtively read this file.
A countermeasure for defending the file storing password information from threats is to make it
inaccessible by end users. For this purpose, it is recommended to set a rule that only users having
administrator authorization (superuser for a Solaris OE/Linux system, and Administrator for Windows(R)
system) can use the J2EE resource access definition.
- Security System Guide 1
- Trademarks 2
- Preface 3
- Table of Contents 7
- Part I 21
- Security Risks and Measures 21
- Chapter 1 23
- Security Risks 23
- Operation Tool 24
- Resource Possible threat 25
- J2EE Application 27
- Resources to be Protected 28
- Possible Security Risks 29
- Possible Countermeasures 31
- Web Services 33
- Database Linkage Service 34
- Periodic Backup 40
- OLTP Function 41
- Smart Repository 46
- Potential Security Threats 47
- Password Encryption 48
- Periodic Change of Passwords 48
- Operation by Limited Users 48
- Periodic Data Backup 49
- Interstage Single Sign-on 50
- Possible Threats 51
- Security Measures 52
- Application Programming 55
- Applying Patches 56
- Multi Server Management 57
- Configuration Model 58
- Threat Prevention 61
- Chapter 1: Security Risks 66
- Chapter 2 67
- Common Security Measures 68
- Notes on User Accounts 69
- Notes on Communication Data 69
- (Interstage HTTP Server) 70
- (InfoProvider Pro) 75
- Notes on the Use of Sessions 76
- SSL Encryption 80
- Definition 82
- About Authorization Settings 87
- About Errors and Exceptions 87
- Notes on IJServer Execution 89
- Repository 90
- Security Role Settings 92
- Part II 95
- Chapter 3 97
- Interstage HTTP Server 97
- Types of Authentication 98
- IP Access Control 99
- Online Collation 100
- Registering a User Password 101
- Relating Directives 103
- AuthName 104
- AuthType 104
- AuthUserFile 105
- <Directory> 105
- Require 106
- Operation without Using SSL 112
- Operation Using SSL 112
- Creating Entries 114
- Item Description 115
- AddModule 125
- AuthLDAPbasedn 125
- AuthLDAPBindDN 126
- AuthLDAPBindPassword 127
- AuthLDAPCertPath 127
- AuthLDAPEnabled 128
- AuthLDAPHost 128
- AuthLDAPPort 129
- AuthLDAPSecure 129
- AuthLDAPSlotPath 130
- AuthLDAPTknLbl 131
- AuthLDAPTknPwd 131
- LoadModule 134
- ServerRoot 136
- Part III 139
- Firewall and Proxy Server 139
- Chapter 4 141
- HTTP Tunneling 141
- HTTP Tunneling Mechanism 142
- HTTP Gateway Environment) 143
- Operating HTTP Tunneling 143
- HTTP Tunneling Setup 144
- Writing HTML 147
- Setting up HTTP Tunneling 148
- Parameter Name Meaning 149
- Java Applets 150
- Chapter 4: HTTP Tunneling 154
- Chapter 5 155
- HTTP Tunneling of J2EE 155
- Environment 157
- Property 157
- Meaning 157
- Chapter 6 161
- Linkage of the Proxy 161
- Part IV 163
- Authentication and Encrypted 163
- Chapter 7 165
- Certificate including 167
- Certificate without 167
- CA (Certification Authority) 168
- Configuring Environments 169
- Using PKCS#12 Data 170
- Registering a CRL 176
- Importing the PKCS#12 data 179
- Certificate Management 183
- Operation Begins 184
- Deleting a Certificate 184
- Chapter 8 185
- Command 185
- Management Environment 186
- Resource Registration 196
- Command Description 199
- Chapter 9 201
- Registering the User PIN 203
- General Operation of SSL 204
- CustomLog 213
- DocumentRoot 214
- ErrorLog 215
- LogFormat 217
- ScriptAlias 219
- ServerAdmin 220
- ServerName 220
- SetEnvIf 222
- SSLCertName 222
- SSLCICACertName 223
- SSLCipherSuite 224
- SSLEnvDir 226
- SSLExec 226
- SSLSlotDir 227
- SSLTokenLabel 227
- SSLUserPINFile 228
- SSLVerifyClient 229
- SSLVersion 230
- <VirtualHost> 232
- Chapter 10 233
- Operating the SSL Linkage 237
- Reference 238
- Command Definition 239
- Editing config File 240
- How to Use SSL with J2EE 243
- Chapter 11 243
- Chapter 12 247
- Repository Client and Server 249
- Part V 251
- Chapter 13 253
- Digital Signature Function 254
- Function 256
- SOAP Messages 257
- Communication via the Proxy 258
- Chapter 14 259
- Services (SOAP) 259
- Property name Value 260
- Operation 262
- Certificate Environment 263
- Using a CORBA/SOAP Gateway 273
- Chapter 15 275
- Setting User Information 278
- Preparing a Private-key 284
- Preparing a Site Certificate 290
- Preparing a Private Key 294
- Fault Codes 297
- Fault code Explanation 298
- Supported Algorithms 299
- Chapter 16 303
- System) 304
- Part VI 317
- Service 317
- Chapter 17 319
- Chapter 18 321
Produits connexes et manuels pour Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS
Serveurs Red Hat NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY CUSTOMIZATION Guide d'installation
(142 pages)
(142 pages)
(32 pages)
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE Guide de l'utilisateur
(332 pages)
(332 pages)
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - PROGRAMMER GUIDE TO SERVLETS Guide d'installation
(72 pages)
(72 pages)
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS Manuel d'installation
(92 pages)
(92 pages)
© 2020, manymanuals.fr. Tous droits réservés | 0.040 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels