User guide
Chapter 1: Security Risks
1-34
For Java Applications Using Single Sign-on Java APIs
Possible threat                                      Action
---------------------------------------------------  ---------------------------------------------------
Application alteration                               - Periodically change the account password.
Application destruction                              - Periodically back up data.
Leakage of user IDs or passwords                     - Securely implement communication with the
                                                       client (using SSLSocket, etc.).
Unauthorized operation of the terminal on which      - When running Java applications in server
the application runs                                   applications, implement them as daemon
                                                       processes or services.
Alteration or exposure of configuration files        - Minimize the number of access permissions to
(security policy file, service ID file, login          operating resources.
configuration file, or trust store file)
Destruction of configuration files (security         - Periodically back up data.
policy file, service ID file, login configuration
file, or trust store file)
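The "Securely implement communication with the client (using SSLSocket, etc.)" action above, worked through as an added example; this is not code from the guide or from the Single Sign-on Java API. It assumes the key store and trust store are supplied through the standard javax.net.ssl.keyStore / javax.net.ssl.trustStore system properties, and the host name and port in main() are placeholders. The server side accepts only TLS 1.2 and 1.3 and requires a client certificate; the client side enables host name verification, which the JSSE defaults leave off for a raw SSLSocket.

```java
import java.io.IOException;
import java.net.InetAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example: TLS channel between an SSO Java application and its client. */
public final class SecureChannel {

    // Only current protocol versions; SSLv3/TLS 1.0/1.1 are never offered.
    private static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    /** Server side: listen on the given port, require a client certificate. */
    public static SSLServerSocket openServer(int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null managers -> default key/trust managers, read from the
        // javax.net.ssl.keyStore / javax.net.ssl.trustStore system properties (assumption).
        ctx.init(null, null, null);
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(
                port, 50, InetAddress.getLoopbackAddress());
        server.setEnabledProtocols(PROTOCOLS);
        server.setNeedClientAuth(true);   // mutual TLS: unauthenticated clients are rejected
        return server;
    }

    /** Client side: connect, verify the chain AND that the certificate matches the host name. */
    public static SSLSocket openClient(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setEnabledProtocols(PROTOCOLS);
        SSLParameters params = socket.getSSLParameters();
        // Without this, a valid certificate for *any* host would be accepted.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();          // fail early, before any credential is sent
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; substitute your own server address and port.
        try (SSLServerSocket server = openServer(8443)) {
            System.out.println("listening with " + String.join(",", server.getEnabledProtocols()));
        }
    }
}
```

Because startHandshake() is called before the socket is handed back, a user ID or password written to the stream can never be sent over a channel whose certificate or host name check has failed.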
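The "Minimize the number of access permissions to operating resources" action above, as an added example rather than code from the guide: a check that each configuration file named in the table is readable and writable only by its owner, and a helper that tightens it. The file paths are hypothetical placeholders, and the check assumes a POSIX file system (on Windows, Files.getPosixFilePermissions throws UnsupportedOperationException).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

/** Added example: audit and tighten permissions on SSO configuration files. */
public final class ConfigPermissionCheck {

    // Any of these bits exposes the file to users other than its owner.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    // What the files should be: owner read/write, nothing else (rw-------).
    private static final Set<PosixFilePermission> OWNER_ONLY = EnumSet.of(
            PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);

    /** Returns the permission bits that let non-owners read or alter the file. */
    public static Set<PosixFilePermission> findOpenBits(Path file) throws IOException {
        Set<PosixFilePermission> open = EnumSet.noneOf(PosixFilePermission.class);
        open.addAll(Files.getPosixFilePermissions(file));
        open.retainAll(TOO_OPEN);
        return open;
    }

    /** One finding per problem; an empty list means every file is present and owner-only. */
    public static List<String> audit(List<Path> files) throws IOException {
        List<String> findings = new ArrayList<>();
        for (Path f : files) {
            if (!Files.exists(f)) {
                findings.add(f + ": missing (restore from backup)");
                continue;
            }
            Set<PosixFilePermission> open = findOpenBits(f);
            if (!open.isEmpty()) {
                findings.add(f + ": readable/writable by non-owner " + open);
            }
        }
        return findings;
    }

    /** Remediation: reset a file to rw------- . */
    public static void restrict(Path file) throws IOException {
        Files.setPosixFilePermissions(file, OWNER_ONLY);
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical locations; use the paths from your own installation.
        List<Path> files = List.of(
                Paths.get("/opt/sso/conf/java.policy"),   // security policy file
                Paths.get("/opt/sso/conf/serviceid"),     // service ID file
                Paths.get("/opt/sso/conf/login.conf"),    // login configuration file
                Paths.get("/opt/sso/conf/truststore"));   // trust store file
        List<String> findings = audit(files);
        for (String s : findings) {
            System.err.println("WARN " + s);
        }
        if (findings.isEmpty()) {
            System.out.println("all configuration files are owner-only");
        }
    }
}
```

Run the audit from the same account that owns the files and that the daemon or service runs under; a non-empty result is worth alerting on, because exposure of the trust store or service ID file is exactly the threat the table row describes.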
Applying Patches
Periodically check for reported vulnerabilities and defects in Web browsers and operating systems. When a
new one is reported, the vendor makes patches or workarounds available. Remind users to apply the latest
security patches to their Web browsers. Similarly, apply the latest fix to the operating system of each server.
Messages Displayed on the Web Browser
When customizing messages to be displayed on users' Web browsers, use particular caution in regard to
the contents.
• Avoid including information that could be used as a stepping stone or clue to attacks.
• Before displaying telephone numbers, mail addresses, or URLs, verify that there will be no problem in
  publicizing such information.