APAR status
Closed as program error.
Error description
When running launchclient and the Client application looks up
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of *
* J2C Connection Factories, specifically those *
* who use Component Managed Authentication. *
****************************************************************
* PROBLEM DESCRIPTION: Connection Factories can get auth *
* aliases set when looked up from *
* a client, which could be a *
* security exposure. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
We were storing the username and password derived from
the alias in the Referenceable we use to create connection
factories bound into JNDI.
Problem conclusion
We removed the user/password from the Referenceable.
Temporary fix
ZE Fix Error
PQ98693 04/12/20
Comments
APAR information |
APAR number |
PQ95215 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
10W |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-10-01 |
Closed date |
2004-11-03 |
Last modified date |
2004-12-20 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|