Interface Card OL* Support Guide
Chapter 2
pdweb - Peripheral Device Tool Web Interface
Security
25
Security
The Peripheral Device Tool uses SSL for all communications between the Web server and the browser. This
prevents eavesdroppers on the network from gleaning any passwords entered into the Peripheral Device Tool.
Additionally, SSL keeps anyone with the ability to inject packets on your network from hijacking your
session.
When you access pdweb from a Web browser, you log on using the secure HTML log-on screen. Your log-on
information is securely transmitted using the SSL protocol. SSL provides data encryption and server
authentication by using a public and private key technology. The Web server uses a certificate for server
authentication. By default, this certificate is self-signed, but it may be replaced by a certificate that is signed
by a trusted certificate authority.
If the Web browser is displayed on a different system than it is running on, X Window events are sent over
the network as clear text. It may be possible to intercept information, including passwords, as it moves
between the system the browser is running on the system it is displayed on. The pdweb command does not
automatically use a Web browser unless it is running on the same host as the X-Windows server. To override
this security feature, use the -F option.
IMPORTANT When the Peripheral Device Tool is used as part of sam (1M), it is launched using the -F, which
provides the same security as in sam. Refer to the pdweb (1M) manual page for more details.