Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

gatekeeper as root - security issue

gatekeeper as root - security issue

Problem:

gatekeeper as root - security issue

Resolution:

Product Name: Visibroker
Product Version: VBE 65
Product Component: Gatekeeper
Platform/OS Version: UNIX

Description: When running the gatekeeper as root, that means the port number is below 1024 on UNIX box then you have root rights. Then, You may see that GET request on gatekeeper can expose the sensitive data where the Gatekeeper is running, which is a security issue. This security issue is not seen when used with VBJ 3.x.

Answer/Solution:

To fix this security issue please use the property "vbroker.se.exterior.scm.ex-hiop.servlet.orb.GET=false". Basically this property is documented under the gatekeeper properties in gatekeeper guide, but it does not document that this property can be used in such above situations.

Old KB# 15197

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2013-02-15 18:20
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.