aspose file tools*
The moose likes Websphere and the fly likes WebSphere Application Server Support Bulletin, Issue 18 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "WebSphere Application Server Support Bulletin, Issue 18" Watch "WebSphere Application Server Support Bulletin, Issue 18" New topic
Author

WebSphere Application Server Support Bulletin, Issue 18

Tony Chen
Ranch Hand

Joined: Jan 29, 2001
Posts: 286

=====================================================================
WebSphere Application Server Support Bulletin
=====================================================================
Issue 18 October 2001
--------------------------------------------------------------------
The WebSphere Application Server Support Bulletin highlights the
latest code fixes, support information, and hot tips about your
favorite WebSphere Application Server products.
=====================================================================
IN THIS ISSUE:
---------------------------------------------------------------------

1- Recent posting on bugtraq
2- I have defined a custom error page within my web application
3- End of Service announcement for WebSphere Standard, Advanced and
Enterprise version 3
4- Support Resources
5- Subscribe/unsubscribe to this newsletter
6- Newsletter Owner

=====================================================================
1- Recent posting on bugtraq
---------------------------------------------------------------------
There was a recent posting on bugtraq by a consultant claiming what
is in fact an incorrect information about Session ID generation in
WAS V4.0
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=215273&start=2001-09-17&end=2001-09-23)
It is critically important to note that the reported issue of
session ID generation is not an issue in any version of Websphere
Application Server 4.X. It has been reported that PQ47663V302
should be applied to Websphere Application Server V4.X.
Please do not follow these directions. This patch is not supported
on Websphere Application Server 4.X, hence any server with this
patch is in an unsupported configuration. The issue is, however,
a reasonably accurate description of a known and resolved issue
in 3.X versions of Websphere Applicaton Server. PQ47663V302 is
a resolution to this issue on any release of Websphere Application
Server V3.02. There are versions of this patch available for
3.5.1, 3.5.2 and 3.5.3 as well. These fixes have been
available since 5/1/2001.The site to obtain these from is http://www-4.ibm.com/software/webservers/appserv/support.html
After applying the aforementioned patches to 3.02 or 3.5, the
session generation algorithm is identical to that of Websphere
Application Server V4.X. This algorithm is essentially totally
random and is based on JCE which is widely recognized as one of
the most sophisticated random ID generators.
Also, we do not recommend relying on the session ID alone as a
form of securing session data. If security is enabled and the
accessed URLs are protected, the user must be authenticated to
proceed. Websphere session and security code have been
integrated such that each session access compares the
authenticated user with the owner of the session. If these
do not match, the session access is rejected with an
UnauthorizedSessionRequestException.

=====================================================================
2- I have defined a custom error page within my web application
---------------------------------------------------------------------
Situation:
I have defined a custom error page within my web application,
but I am not seeing the expected page. The error pages that I
have defined are very simple and display simple messages such
as "404 File not Found" or "500 Internal Server Error".
When an error occurs, I get a "The page cannot be displayed"
page with the error code and description at the bottom of the
message.
Resolution:
To ensure that my error pages are displayed, I had to modify
my IE settings as follows:
Select Tools-->Internet Options-->Advanced and then uncheck
the Show friendly HTTP error messages.
Explanation:
With the above option checked, IE does a check of the incomming
error message. It determines that it is not verbose enough
and displays its "friendly" error message.
=====================================================================
3- End of service announcement for WebSPhere Standard, Advanced and
Enterprise version 3
---------------------------------------------------------------------
WebSphere Application Server STandard, Advanced and Enterprise version
3.x goes out of service December 31, 2001.
=====================================================================
4- Support Resources
---------------------------------------------------------------------
Support resources for WebSphere Application Server Standard and
Advanced editions can be found at
http://www.ibm.com/software/webservers/appserv/support.html
You will find information about how to get support for specific
WebSphere related questions at
http://www.ibm.com/software/webservers/appserv/support_ask.html
Support resources for WAS Enterprise Edition Component Broker
can be found at
http://www.ibm.com/software/webservers/appserv/cb/support/
Be sure to check out the WAS Library page at
http://www.ibm.com/software/webservers/appserv/library.html. This
page contains links to product documentation as well as WebSphere
Application Server white papers and post release developer's
notes which provide useful information to WebSphere Application
Server customers.
=====================================================================
5- Subscribe/unsubscribe to this newsletter
---------------------------------------------------------------------
-> TO SUBSCRIBE/UNSUBSCRIBE THROUGH THE WEB:
Go to http://www.ibm.com/software/mailing-lists/
-> TO UNSUBSCRIBE BY EMAIL:
Send an email reply with the word "Cancel" in the subject
line.
-> TO UNSUBSCRIBE BY REGULAR MAIL:
Send a letter with your email in the text to IBM Software,
Route 100, Building 1, Somers, NY 10589

=====================================================================
6- Newsletter Owner
---------------------------------------------------------------------
Send feedback to wssup@us.ibm.com

This email was delivered by Responsys on behalf of IBM.
Click here to view IBM's privacy practices.

------------------
Tony Chen
SCJP, ICS & ICSD (WebSphere)


SCJP Java 2 - IBM Certified Enterprise Developer - WebSphere V4.0 & V5.0 - IBM Certified System Administrator - WebSphere Network Deployment V6.0 - Canadian Securities Course (CSC) Certification
Tony Chen
Ranch Hand

Joined: Jan 29, 2001
Posts: 286

=====================================================================
WebSphere Application Server Support Bulletin-Item 3 Correction
=====================================================================
Issue 18-Update October 2001
--------------------------------------------------------------------
The WebSphere Application Server Support Bulletin that was distributed
October 16, 2001, had an incorrect version specified in item number 3.
We apologize for any inconvenience this may have caused. A correction
for that item has been provided in this Issue Eighteen update.
=====================================================================
IN THIS ISSUE:
---------------------------------------------------------------------

Item 3 Correction- Please note in this newsletter the version
has been corrected for the End of Service announcement for
Websphere Application Server Standard, Advanced and Enterprise
Editions, Version 3.0x

=====================================================================

Websphere Application Server Standard, Advanced and Enterprise Editions,
V3.0 and V3.02.x goes out of service December 31, 2001.
Websphere application Server Standard, Advanced and Enterprise Editions,
V3.5 continues to be supported until December 31, 2002.
=====================================================================
------------------
Tony Chen
SCJP, ICS & ICSD (WebSphere)
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: WebSphere Application Server Support Bulletin, Issue 18