Problem:
Gatekeeper as root - security issue
Resolution:
Product Name: Visibroker
Product Version: VBE 65
Product Component: Gatekeeper
Platform/OS Version: UNIX
Description: When the Gatekeeper runs as root on a UNIX box (that is, when its port number is below 1024), it has root rights. In that case a GET request to the Gatekeeper can expose sensitive data on the machine where the Gatekeeper is running, which is a security issue. This security issue is not seen when used with VBJ 3.x.
Answer/Solution:
To fix this security issue, use the property "vbroker.se.exterior.scm.ex-hiop.servlet.orb.GET=false". This property is documented under the Gatekeeper properties in the Gatekeeper guide, but the guide does not mention that it can be used in the situation described above.
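One way to verify that a deployed configuration actually carries this setting is the check below. It is an added example, not Visibroker tooling: the function names are hypothetical, the properties file path is supplied by the operator, and it assumes Java-style properties syntax in which the last assignment of a key wins.

```shell
#!/bin/sh
# Added example. Property name exactly as given in the article.
GK_PROP='vbroker.se.exterior.scm.ex-hiop.servlet.orb.GET'

# gk_get_setting FILE: print the effective value of GK_PROP, or "unset".
# Assumes Java-style properties syntax: '#'/'!' comments, '=' or ':' as
# separator, and the last assignment winning.
gk_get_setting() {
    awk -v key="$GK_PROP" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next         # literal match, not a regex
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next         # rejects longer keys sharing the prefix
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest; found = 1
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# gk_audit FILE: exit 0 only when the property is exactly "false",
# 1 when it is missing or has any other value, 2 when FILE is unreadable.
gk_audit() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    value=$(gk_get_setting "$1")
    case $value in
        false) echo "OK: $GK_PROP=false in $1"; return 0 ;;
        unset) echo "FINDING: $GK_PROP is not set in $1"; return 1 ;;
        *)     echo "FINDING: $GK_PROP=$value in $1"; return 1 ;;
    esac
}

# Constructed sample file (not from a real deployment): the key is set to
# true and then overridden with false, so the audit reports OK.
sample=$(mktemp)
printf '%s\n' '# constructed sample' "$GK_PROP=true" "  $GK_PROP = false" > "$sample"
gk_audit "$sample"
rm -f "$sample"
```

A commented-out line or a later assignment that sets the key back to another value is reported as a finding, which is the case a plain `grep` for the property would miss.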