lekkimworld.comsecurity

Websphere Application Server Security - make sure file based auth continues if federated repository is unavailable

Wed, 30 Jun 2010 06:26:46 GMT

While looking for another tidbit of information on Google I found this very interesting setting in a WAS FAQ (Q & A: Frequently asked questions about WebSphere Application Server security). That fact that access to the Integrated Solutions Console (ISC) would stop if a LDAP directory was unavailable even though the ISC admin account was local has been bothering me for a while. It was nice to see that this fact which has been irritating me for a while (when it isn't set) is solvable.

7. When using a federated repository, is there a way to ensure that my file-based registry will continue to function when a LDAP server is down?
Yes, there is a configuration option that enables the authentication to continue if one or more other registries are down, as long as the ID is found in one of the registries that are still up and functional. The federated repository configuration command to permit this is:

$AdminTask createIdMgrRealm -name ibmRealm -allowOperationIfReposDown true

More information can be found in the Information Center article: IdMgrRealmConfig command group for the AdminTask object.

Is the security of the Notes/Domino Java implementation questionable? (security vulnerability in the Notes/Domino Java API)

Thu, 07 Dec 2006 11:14:47 GMT

During some security research into the Notes/Domino Java API I stumbled upon what I cannot judge to be anything but a major flaw in the Java implementation of Notes/Domino. The flaw allows me to circumvent the restricted/unrestricted operations security model for agents as well as all security measures put in place by the SecurityManager installed by IBM. The research was done on Notes/Domino 7.0.1 but I cannot see why it shouldn't be applicable to prior releases. I have been working with the IBM Security Response Team to assess the implications and technote #1248025 (SPR# KLYH6NSJD2) has the official IBM response.

Potential IBM Lotus Notes information leakage on port 1352

Wed, 08 Nov 2006 21:53:39 GMT

Saw a technote on the Lotus Domino Support RSS feed on some potential information leakage on the Notes/Domino port (1352). Interesting as I cannot remember the last time I saw a security issue being reported in regard to the NRPC protocol. A fact that warms my security-conscientious heart.

Security threats of syndicated content

Mon, 07 Aug 2006 09:01:02 GMT

I guess it had to happen or will happen at some point that RSS is used as the vector to exploit some kind of security vulnerability.