Manualshelf

User guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS
51525354555657585960
Chapter 1: Security Risks
1-30
Application Risk
Interstage Single Sign-on stores important information in the Web browser cookie. The attacker could
collect cookies for spoofing when the application operating on the business server is vulnerable, e.g.,
cross site scripting (XSS) or allocation of a malevolent application.
Client Risk
When an attacker takes advantage of Web browser defects and obtains cookie information, vulnerability
may become apparent. This could pose a threat to Interstage Single Sign-on because the user uses a
Web browser for the client.
Information Leakage Threat
Interstage Single Sign-on allows users to customize the messages displayed on the Web browser
according to the user environment. The information in this message could provide an opportunity for
attackers.
Security Measures
This section explains the action require to handle assumed threats.
Protecting the Authentication Infrastructure Setup File and Business System Setup File
The authentication infrastructure setup file and business system setup file are required for setting up a
repository server, authentication server, and business server. Manage the files (and the password
specified when downloading them) so that they cannot be leaked to a third party, and transfer them by
safe means.
The downloaded authentication infrastructure setup file and business system setup file are encrypted
using a password specified when downloading them. Exposure of the file contents may cause user
spoofing or system takeover, so always delete these files once the server configuration is complete.
Setting Access Permission for Operating Resources
To protect operating resources on servers, appropriate access permissions must be established for the
operating resources. Minimize the number of users or programs that can access the resources to
protect them from deletion, rewriting, or exposure by an attacker.
Interstage Single Sign-on grants appropriate access permissions to operating resources. When
changing the effective user of the Web server, also change the access permissions.
The administrator may delete operating resources by mistake, so periodically back up the operating
resources.
To change the effective user of the Web server, see "Operation and Maintenance" in the Single Sign-on
Operator's Guide. To back up operating resources, see the Operator's Guide.