Manualshelf

Communicator e3000 MPE/iX Release 7.5 (Software Release C.75.00) (30216-90336)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.5 Operating System
21222324252627282930
Chapter 3
Internet and Interoperability
WebWise Replaces Apache in FOS
22
WebWise Replaces Apache in FOS
By Mark Bixby, Commercial Systems Division
The HP WebWise MPE/iX Secure Web Server version A.01.00 was first introduced as a separately
purchasable add-on product for MPE/iX 6.5 or greater. But as of MPE/iX 7.5, the WebWise web server has
been updated to version A.03.00 and replaces Apache in FOS as a no-extra-cost bundled product.
This is the second release of the HP WebWise MPE/iX Secure Web Server. It was labeled version A.03.00
because it is replacing the A.02.00 version of Apache. There was no A.02.00 version of WebWise.
HP WebWise MPE/iX Secure Web Server version A.03.00 is based on Apache 1.3.22 and adds mod_ssl 2.8.5 to
provide Secure Sockets Layer (SSL) encryption and X.509 authentication using digital certificates.
System Requirements and Patches
MPE/iX 7.5
HP highly recommends installing the latest NSTxxxxx network transport patch.
Support
HP WebWise MPE/iX Secure Web Server A.03.00 is supported through the HP Response Center as part of
MPE/iX FOS support.
Product Overview and Feature Set
HP WebWise MPE/iX Secure Web Server offers secure encrypted communications between browser and
server via the SSL and TLS protocols, as well as strong authentication of both the server and the browsers via
X.509 digital certificates. The current release of the HP WebWise MPE/iX Secure Web Server is A.03.00 and is
composed of:
Apache 1.3.22
Mod_ssl 2.8.5 SSL security add-ons for Apache
MM 1.1.3 shared memory library
Openssl 0.9.6b cryptographic/SSL library
RSA BSAFE Crypto-C 5.2 cryptographic library (for the RC2, RC4, RC5, and RSA algorithms)
HP WebWise MPE/iX Secure Web Server is NOT a substitute for:
A firewall (explicitly allow acceptable connections, etc.)
Good host security practices (change default passwords, keep the OS up-to-date, etc.)
Application security practices (use appropriate file and user security, carefully validate all input data,
etc.)
Good human security practices (communicate the importance of protecting sensitive or proprietary data,
no password sharing, etc.)
WebWise is just one component in a secure environment and by itself does nothing to prevent the number one
cause of web server break-in events poorly written CGI applications. Well-written CGI applications must
rigorously validate every byte of data sent by a browser, and must refuse to process any input data containing
unexpected characters.