APAR status
Closed as program error.
Error description
When ORB comm tracing is enabled (-Dcom.ibm.CORBA.Debug=true
-Dcom.ibm.CORBA.CommTrace=true), the security contexts are
included in the ORB packet output.
These contexts can contain sensitive information such as usernames
and passwords, so the trace must be scrubbed before it is
submitted to support.
This APAR also addresses the following problem:
The customer gets an orbtrc file with the following message:
com.ibm.rmi.corba.PluginRegistry loadPrereqPluginsGroupOne:153
Thread-1 ORBRas[default] java.lang.IllegalArgumentException: key
can't be empty java.lang.IllegalArgumentException: key can't be
empty
at java.lang.System.getProperty(System.java(Compiled Code))
at com.ibm.ISecurityUtilityImpl.ConfigURLProperties.getProperty
(ConfigURLProperties.java:319)
Local fix
Do not enable ORB comm tracing.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who *
* perform ORB tracing *
****************************************************************
* PROBLEM DESCRIPTION: When doing an ORB comm trace, it is *
* possible that there could be user *
* sensitive data shown in plain text in *
* the service context area of the trace *
* output file. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When doing an ORB comm trace, it is possible that there could be
user sensitive data shown in plain text in the service context
area of the trace output file.
Problem conclusion
Specific security contexts will be obscured in ORB comm trace
output so the user sensitive data will no longer appear
in plain text.
In order to gain full functionality of this change,
Java 1.3.1 SR10, or Java 1.4.2 SR5 will be required.
The WebSphere security part of this change will be included
in 5.0.2.15, 5.1.1.9, and 6.0.2.7.
Temporary fix
Comments
APAR information
APAR number | PK11486
Reported component name | WAS ENTERPRISE
Reported component ID | 5630A3700
Reported release | 00W
Status | CLOSED PER
PE | NoPE
HIPER | NoHIPER
Special Attention | NoSpecatt
Submitted date | 2005-09-07
Closed date | 2006-01-06
Last modified date | 2006-01-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Fix information
Fixed component name | WAS ENTERPRISE
Fixed component ID | 5630A3700
Applicable component levels
R00A PSY | UP
R00H PSY | UP
R00I PSY | UP
R00S PSY | UP
R00W PSY | UP