ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/sec.htm

50 lines
3.2 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Security</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h1><a name="sec"></a>Security</h1>
<p>WebSphere<SUP>(R)</SUP> Application Server - Express is an Internet technology, and it is very crucial that you have a good Internet security policy in place before implementing WebSphere Application Server - Express. Even if your application runs only on your company's intranet, dangers still exist and your system needs to be protected.</p>
<p>While no system can ever be completely secured, you can implement certain security measures to discourage attacks. Before you deploy your WebSphere Application Server - Express solution, make sure you have studied and understand how your implementation affects your system security policy, and adjust your plan accordingly. See <a href="isecref.htm">iSeries security resources</a> for links to information about creating a system-wide security plan.</p>
<p>This topic covers two areas of security concerns for WebSphere Application Server - Express: protecting your WebSphere resources (such as servlets, JSP files, and HTML files) and protecting the WebSphere product itself (its files, directories, and user profiles).</p>
<p><strong>Protect your WebSphere resources</strong></p>
<p>To secure WebSphere Application Server - Express and your WebSphere resources, you have these options:</p>
<blockquote>
<p><strong><a href="sechttp.htm">Securing Web resources with IBM HTTP Server for i5/OS</a></strong>
<br>You can use Web server directives to limit access to your servlets and JSP files. Web server directive-based security is typically easier to configure than WebSphere security and may provide better performance.</p>
<p><strong><a href="secwas.htm">Securing Web resources with WebSphere security</a></strong>
<br>WebSphere Application Server - Express provides a layered, role-based security architecture. WebSphere security supports Java<SUP>(TM)</SUP> 2 security, J2EE, and CORBA security. See this topic for information about developing, assembling, and deploying secured applications, as well as how to configure WebSphere security with the administrative console.</p>
</blockquote>
<p><strong>Protect the WebSphere product</strong></p>
<p>See these topics for additional security information:</p>
<blockquote>
<p><strong><a href="isprfchg.htm">Run application servers under specific user profiles</a></strong>
<br>By default, application servers run under the QEJBSVR user profile. If you want to use a different user profile, see this topic for instructions.</p>
<p><strong><a href="secisobj.htm">Securing iSeries objects and files</a></strong>
<br>This topic describes iSeries objects and files that need to be secured with i5/OS<SUP>(R)</SUP> security.</p>
<p><strong><a href="encoding.htm">Password encoding</a></strong>
<br>This topic provides information about encoding passwords that are in configuration and properties files.</p>
</blockquote>
</body>
</html>