- Default Security Settings: Some of the default settings have been changed in the new version:
- Administrative security is enabled automatically during installation.
- All internal transports are authenticated by default.
- Most internal transports are encrypted by default.
- The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
- JNDI is read-only by default to all.
- Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
- Simplified certificate and key management.
- The admin client can query the server and automatically import the server's signing certificate
- The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
- Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
- LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
- Support for federated repositories.
- Support for file registry
- Support for multiple LDAP registries.
- Support for LDAP failover.
- Fine-grained authorization control (below cell level) for administrative users.
- Single Sign-On from windows desktops to intranet applications.
Monday, June 12, 2006
Security Enhancements in WebSphere 6.1
In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.