Other Security-Relevant Information
The following topics provide an overview of additional security-related information for the AS-Java.
In this topic we discuss the security aspects of the Java Message Service of the J2EE Engine. This service is used for exchanging messages between two or more Java clients. The security issues discussed for this service include authorization, authentication checking, policy configurations, and communication protocols and ports.
● Java Virtual Machine Security
The J2EE Engine runs in a Java Virtual Machine within your operating system. This topic gives an overview of the related security information.
● Security Aspects of the Database Connection
The J2EE Engine uses the user persistence data stores to provide for the security and integrity of the data in cases of system upgrade or server failure. This topic gives an overview of the security mechanisms used for the integrity and confidentiality of the configuration and source code data stored in the user persistence stores of the J2EE Cluster.
The Software Deployment Manager (SDM) is a standard client/server tool that you use to install J2EE components on the J2EE Engine. In this topic, you can find security information related to using the SDM tool.
This topic provides an overview of the security mechanisms in the Destinations service of the J2EE Engine. The Destination service is used by applications or services to specify the remote service’s address and the user authentication information to use for connecting to other services.
● Protecting Sessions Security
J2EE Engine applications can use system cookies to track user data (such as session tracking and logon data). These cookies contain sensitive information about the user, so to prevent potential misuse of session information they should not be exposed to client-side scripts. To increase the security protection of system cookies, you can enable the use of the additional system cookie attribute HttpOnly.
