User guide
Chapter 2: Security Measures
Security Measures for Operation of the Web Server
(Interstage HTTP Server)
This section explains the following topics:
• Notes When Making Access
• Notes on Communication Data
• Threats of Denial of Service Attacks (DoS)
• Leakage of Password Information
• Unauthorized Access to Resource Files
• Risk of Exploiting the HTTP TRACE Method
• Threat that the UNIX account name will be discovered
Notes When Making Access
When a Web browser accesses the Interstage HTTP Server, there is a possible threat
that an ill-intentioned person could gain unauthorized access to the Interstage HTTP Server by
impersonating a user who has proper access permission.
To prevent this, SSL encryption using SSL version 3 (client authentication) is recommended.
For information about SSL encryption, refer to Chapter 9, How to Use SSL with Interstage HTTP Server.
Notes on Communication Data
An ill-intentioned person could access communication data between the server and a user who has
proper access permission.
SSL encryption is recommended in order to minimize this type of risk.
For information about SSL encryption, refer to Chapter 9, How to Use SSL with Interstage HTTP Server.
Threats of Denial of Service Attacks (DoS)
An ill-intentioned person on the network could target a server and disable its services. To defend the
server from Denial of Service (DoS) attacks, using the following functions is recommended:
• User authentication:
For information about user authentication, refer to User Authentication in Authentication and Access
Control for the Interstage HTTP Server in Chapter 9.