Sticky Request for Client PC
Dear All,
We have a custom-built application running on clustered WAS 6.0 with IHS as a proxy. We have come across a strange behaviour in the past few days. When we copy our application URL from the browser and open it on another PC, it opens up without authorization.
We have enabled the URL rewriting mechanism and the sessionid is always attached to our URL. Our application will not support cookies. Is there any way to prevent hackers doing malfunction on our system?
Thanks & Regards,
Sridhar H
Paul Ilechko 2007-02-22, 1:19 pm
srindies@yahoo.co.in wrote:
> Dear All,
>
> We have a custom-built application running on clustered WAS 6.0 with
> IHS as a proxy. We have come across a strange behaviour in the past few
> days. When we copy our application URL from the browser and open it
> on another PC, it opens up without authorization.
Do you have WAS security turned on? Presumably if you are not using
cookies you are using SWAM instead of LTPA? If so, this uses the session
for tracking security, so provided you have the jsessionid info on the
URL, what you are describing is likely what would happen. This is one
reason why SWAM is not recommended.
>
> We have enabled the URL rewriting mechanism and the sessionid is always
> attached to our URL. Our application will not support cookies. Is there
> any way to prevent hackers doing malfunction on our system?
Use SSL, for a start. Then no-one can get access to the request in transit.
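Added example, not part of either post above: with URL rewriting the `jsessionid` in the URL is the only thing identifying the session, so one way to spot the copied-URL behaviour described in this thread is to look in the IHS access log for a session ID that arrives from more than one client address. The log lines, IP addresses and session IDs below are constructed, and Common Log Format is assumed.

```python
import re
from collections import defaultdict

# Constructed IHS access-log lines (Common Log Format); IPs and IDs are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Feb/2007:13:01:02 +0000] "GET /app/home.do;jsessionid=0000AAAAexampleSessionOne:clone1 HTTP/1.1" 200 5120
192.0.2.10 - - [22/Feb/2007:13:01:09 +0000] "GET /app/orders.do;jsessionid=0000AAAAexampleSessionOne:clone1?page=2 HTTP/1.1" 200 8841
198.51.100.7 - - [22/Feb/2007:13:04:30 +0000] "GET /app/orders.do;jsessionid=0000AAAAexampleSessionOne:clone1?page=2 HTTP/1.1" 200 8841
192.0.2.44 - - [22/Feb/2007:13:05:00 +0000] "GET /app/home.do;jsessionid=0000BBBBexampleSessionTwo:clone2 HTTP/1.1" 200 5120
192.0.2.44 - - [22/Feb/2007:13:05:10 +0000] "GET /static/logo.gif HTTP/1.1" 200 900
"""

# Client address and request target from a Common Log Format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
# URL rewriting appends the ID as a path parameter: ...;jsessionid=<id>[?query]
SID_RE = re.compile(r';jsessionid=([^?;#/\s]+)', re.IGNORECASE)


def sessions_by_client(log_text):
    """Map each session ID found in a request URL to the set of client IPs that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        sid = SID_RE.search(m.group("target"))
        if sid:
            seen[sid.group(1)].add(m.group("ip"))
    return seen


def shared_sessions(log_text):
    """Return only the session IDs that were presented by more than one client IP."""
    return {sid: sorted(ips)
            for sid, ips in sessions_by_client(log_text).items() if len(ips) > 1}


if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        # The ID is a credential, so print only a prefix of it.
        print(f"session {sid[:8]}... used from {len(ips)} clients: {', '.join(ips)}")
```

Clients behind a shared proxy or NAT appear as one address, and a roaming client can legitimately change address, so a hit is a lead to investigate rather than proof of misuse.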