Security - Websphere

This is a discussion on Security - Websphere ; Dear all, I have a problem and I don't know where I have to look for a solution. We are using a webfaced application installed on a WAS6.0 server. We have different users that uses the same application. But When ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Security

  1. Security

    Dear all,



    I have a problem and I don't know where I have to look for a solution.

    We are using a webfaced application installed on a WAS6.0 server.

    We have different users that uses the same application.

    But When user A logs in he/she gets a screen of User B (I know this based on the name of the user on the screen)and not even the first screen, it's somewhere else in the application.

    Can sombody assist me with this and give me some hints where I have to look for/in to solve this problem???



    Please I will appreciate your help.

    Thanks in advanced

  2. Re: Security

    Tina wrote:
    > Dear all,

    >

    > I have a problem and I don't know where I have to look for a solution.

    > We are using a webfaced application installed on a WAS6.0 server.

    > We have different users that uses the same application.

    > But When user A logs in he/she gets a screen of User B (I know this based on the name of the user on the screen)and not even the first screen, it's somewhere else in the application.

    > Can sombody assist me with this and give me some hints where I have to look for/in to solve this problem???

    >

    > Please I will appreciate your help.

    > Thanks in advanced


    My guess is that somewhere in your infrastructure something is caching
    data. Do you have any kind of caching proxy or load balancer?

  3. Re: Security

    Thank you for your reply Paul.



    I don't know if they had change something because it was working properly.

    Last I had a problem that some one changed the name of the DNS server.

    And the web application wasn't working. I changed it back and it worked perfectly.

    I don't know if this has something to do with it.

    I don't know where to look for futher explanation so can you please guide me trough some steps that I can follow to see what is the problem????



    Thanks in advanced

  4. Re: Security

    Tina wrote:
    > Dear all,

    >

    > I have a problem and I don't know where I have to look for a solution.

    > We are using a webfaced application installed on a WAS6.0 server.

    > We have different users that uses the same application.

    > But When user A logs in he/she gets a screen of User B (I know this based on the name of the user on the screen)and not even the first screen, it's somewhere else in the application.

    > Can sombody assist me with this and give me some hints where I have to look for/in to solve this problem???

    >

    > Please I will appreciate your help.

    > Thanks in advanced
    >

    Your HTTPSession objects are leaking. The application is using something
    from the sessions in order to put up the name of the users, and
    something in there is broken. This is probably not a security issue at all.

    Ken

  5. Re: Security

    Thank you Ken for your reply,



    What do you mean by "Your HTTPSession objects are leaking." Where can I look to find this out????



    But it seems like a security issue, beacuase the client expect to get his/her logon credentials when logging in.

    This is not the case so for them it's a security issue.

    Where can I look for solutions.

    How can it be posibble that I log in and gets a session of some one else and it even doesn't open the index page?

    It open's somwhere in someones else session.

    Where do I have to look for the problem????



    Please advise....

    Thanks in advance.

  6. Re: Security

    Tina wrote:
    > Thank you Ken for your reply,

    >

    > What do you mean by "Your HTTPSession objects are leaking." Where can I look to find this out????

    >

    > But it seems like a security issue, beacuase the client expect to get his/her logon credentials when logging in.

    > This is not the case so for them it's a security issue.

    > Where can I look for solutions.

    > How can it be posibble that I log in and gets a session of some one else and it even doesn't open the index page?

    > It open's somwhere in someones else session.

    > Where do I have to look for the problem????

    >

    > Please advise....

    > Thanks in advance.
    >

    From your original description, it sounded like it's in the application
    code.

    Can you be very specific about the page flow that's showing the error?

    Ken

  7. Re: Security

    Ken Hygh wrote:
    > Tina wrote:
    >> Thank you Ken for your reply,

    >>

    >> What do you mean by "Your HTTPSession objects are leaking." Where can
    >> I look to find this out????

    >>

    >> But it seems like a security issue, beacuase the client expect to get
    >> his/her logon credentials when logging in.

    >> This is not the case so for them it's a security issue.

    >> Where can I look for solutions.

    >> How can it be posibble that I log in and gets a session of some one
    >> else and it even doesn't open the index page?

    >> It open's somwhere in someones else session.

    >> Where do I have to look for the problem????

    >>

    >> Please advise....

    >> Thanks in advance.
    >>

    > From your original description, it sounded like it's in the application
    > code.
    >
    > Can you be very specific about the page flow that's showing the error?
    >
    > Ken


    I'll second that. It's 99.99% certainly an error in the application
    code, or something external to WAS.

  8. Re: Security

    Thanks for the reply.



    Maybe I didn't give enough information, so that is why I'm posting it again.

    We have a webfaced application, which we installed on a websphere application server, that when the user logs in it goes/gets logon information/screen from a different user.But on the 5250 is this not the case. So we think that it has to do with the session management of WAS or webfacing. If you login you have to get the main-menu (see attachment). But when the user loggs in it gets this page instaed of the main menu. The example can be seen in the attachements. When we installed it it was working perfectly but a few days later the client reported this error.



    Please assist.

  9. Re: Security

    Are you using HATS to put a web front end to your 5250 based application?

    - Sunit

    "Tina" wrote in message
    news:197851679.1205348162297.JavaMail.wassrvr@ltsg was009.sby.ibm.com...
    > Thanks for the reply.

    >

    > Maybe I didn't give enough information, so that is why I'm posting it
    > again.

    > We have a webfaced application, which we installed on a websphere
    > application server, that when the user logs in it goes/gets logon
    > information/screen from a different user.But on the 5250 is this not the
    > case. So we think that it has to do with the session management of WAS or
    > webfacing. If you login you have to get the main-menu (see attachment).
    > But when the user loggs in it gets this page instaed of the main menu. The
    > example can be seen in the attachements. When we installed it it was
    > working perfectly but a few days later the client reported this error. > />
    >

    > Please assist.



+ Reply to Thread