Manualshelf

User guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS
12345678910
Security System Guide: Table of Contents
viii
Operations Confined to Specific Users...............................................................................1-16
Periodic Backup..................................................................................................................1-18
Use of the Security Function Provided by the Resource....................................................1-18
OLTP Function ..............................................................................................................................1-19
Resources to be Protected ......................................................................................................1-19
Functions to be Protected...................................................................................................1-19
Resources to be Protected .................................................................................................1-20
Possible Threats to Resources................................................................................................1-21
Countermeasures Against Security Risks ...............................................................................1-22
Countermeasures Against Decryption of Passwords .........................................................1-22
Countermeasures Against Exploitation of Passwords........................................................1-22
Countermeasures Against Tampering of Data Recorded in the File ..................................1-23
Countermeasures Against Exploitation of Information Recorded in Files ..........................1-23
Countermeasures Against Damage to Data.......................................................................1-23
Countermeasures Against Damage to Files.......................................................................1-23
Smart Repository ..........................................................................................................................1-24
Resources Requiring Security Protection................................................................................1-24
Smart Repository Functions and Resources Requiring Protection....................................1-24
Potential Security Threats........................................................................................................1-25
Threats and Security Measures...............................................................................................1-25
Password Encryption..........................................................................................................1-26
Communication Data Encryption ........................................................................................1-26
Periodic Change of Passwords ..........................................................................................1-26
Operation by Limited Users ................................................................................................1-26
Periodic Data Backup .........................................................................................................1-27
Setting Access Rights for Files ...........................................................................................1-27
Interstage Single Sign-on..............................................................................................................1-28
Configuration Model.................................................................................................................1-28
Possible Threats ......................................................................................................................1-29
Deleting, Rewriting, and Exposing Server Resources........................................................1-29
Rewriting and Exposure of Communication Contents........................................................1-29
User Spoofing .....................................................................................................................1-29
Authentication Server Spoofing ..........................................................................................1-29
DoS Attack ..........................................................................................................................1-29
Application Risk ..................................................................................................................1-30
Client Risk...........................................................................................................................1-30
Information Leakage Threat................................................................................................1-30
Security Measures ...................................................................................................................1-30
Protecting the Authentication Infrastructure Setup File and Business System Setup File.1-30