PQ66004: MULTIPLE SECURITY LOG ENTRIES FOR ONE INVALID USERID/PASSWORD.
APAR status
Closed as program error.

Error description
Upon entering a wrong password for a given userid, the following log statements are written to appserver-out.log. Apart from the fact that writing the same message 3 times seems unnecessary, it should be the application's decision whether or not to write such a message regarding invalid logins. Otherwise, a very simple denial of service attack could be conceived, with bogus login attempts keeping the machine busy logging these messages.

[8/26/02 13:17:39:080 CEST] 37b2205d SystemOut U 5> [2002-08-26 13:17:39.08], [ServerID: 375334458], [LoginHelperImpl.request_login_controlled]:
[8/26/02 13:17:39:090 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
[8/26/02 13:17:39:110 CEST] 37b2205d SystemOut U 6> [2002-08-26 13:17:39.11], [ServerID: 375334458], [CredentialsImpl.get_mapped_credentials]:
[8/26/02 13:17:39:120 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
[8/26/02 13:17:39:451 CEST] 37b2205d SystemOut U 8> [2002-08-26 13:17:39.451], [ServerID: 375334458], [CredentialsImpl.get_mapped_credentials]:
[8/26/02 13:17:39:481 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
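On an unpatched server, anyone counting failed logins from appserver-out.log (for example against a lockout or brute-force alert threshold) sees three JSAS0240E lines per bad password. The following is an added example, not IBM code: it collapses JSAS0240E lines into distinct failed-login events, assuming that entries for one attempt share the thread id and fall within one second of each other. The function name, the window and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the entries quoted in this APAR
# (messages shortened; the last two lines and thread id 1a2b3c4d are made up).
SAMPLE_LOG = """\
[8/26/02 13:17:39:080 CEST] 37b2205d SystemOut U 5> [2002-08-26 13:17:39.08], [ServerID: 375334458], [LoginHelperImpl.request_login_controlled]:
[8/26/02 13:17:39:090 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct.
[8/26/02 13:17:39:110 CEST] 37b2205d SystemOut U 6> [2002-08-26 13:17:39.11], [ServerID: 375334458], [CredentialsImpl.get_mapped_credentials]:
[8/26/02 13:17:39:120 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct.
[8/26/02 13:17:39:481 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct.
[8/26/02 13:17:42:010 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct.
[8/26/02 13:17:42:015 CEST] 1a2b3c4d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct.
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+:\d+) \w+\] "  # timestamp; zone name ignored
    r"(?P<thread>[0-9a-f]{8}) \S+\s+\S\s+(?P<msg>.*)$"  # thread id, logger, type, text
)

def failed_logins(log_text, window=timedelta(seconds=1)):
    """Collapse JSAS0240E lines written by one thread within `window`
    of each other into a single failed-login event (window is an assumption)."""
    current = {}  # thread id -> event currently being extended
    events = []   # one dict per distinct failed login, in log order
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["msg"].startswith("JSAS0240E"):
            continue  # trace headers and unrelated lines are skipped
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S:%f")
        ev = current.get(m["thread"])
        if ev is not None and ts - ev["last"] <= window:
            ev["last"] = ts      # duplicate message for the same attempt
            ev["lines"] += 1
        else:
            ev = {"thread": m["thread"], "first": ts, "last": ts, "lines": 1}
            current[m["thread"]] = ev
            events.append(ev)
    return events

if __name__ == "__main__":
    for ev in failed_logins(SAMPLE_LOG):
        print(ev["first"], ev["thread"], "log lines:", ev["lines"])
```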
Action Planned: Sending to entitlement, then to WAS for customer

Local fix

Problem summary
USERS AFFECTED: WebSphere Application Server users who have security enabled.
PROBLEM DESCRIPTION: Multiple security log entries for one invalid login.
RECOMMENDATION:

Upon entering a wrong password for a given userid, the following 3 log statements are written to appserver-out.log. It's unnecessary to have 3 login error messages.

[8/26/02 13:17:39:080 CEST] 37b2205d SystemOut U 5> [2002-08-26 13:17:39.08], [ServerID: 375334458], [LoginHelperImpl.request_login_controlled]:
[8/26/02 13:17:39:090 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
[8/26/02 13:17:39:110 CEST] 37b2205d SystemOut U 6> [2002-08-26 13:17:39.11], [ServerID: 375334458], [CredentialsImpl.get_mapped_credentials]:
[8/26/02 13:17:39:120 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
[8/26/02 13:17:39:451 CEST] 37b2205d SystemOut U 8> [2002-08-26 13:17:39.451], [ServerID: 375334458], [CredentialsImpl.get_mapped_credentials]:
[8/26/02 13:17:39:481 CEST] 37b2205d SystemOut U JSAS0240E: Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.

Problem conclusion
2 unnecessary messages are removed. Only one message will be logged.

Temporary fix
PQ66004_eFix_test.jar

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SRLS

Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ66004
IBM Group: Software Group
Modified date: Oct 30, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.