Cannot create PoolableConnectionFactory (IO Error: Connection reset)

Issue while connecting to a database from a Java program: Cannot create PoolableConnectionFactory (IO Error: Connection reset). This is sometimes an intermittent issue, but it can be easily reproduced by reducing the available entropy on the server:
watch -n 1 cat /proc/sys/kernel/random/entropy_avail
cat /dev/random > random_bits.bin
Once the issue is consistently reproduced, we


Eliminating Security Vulnerabilities at PORT 22

Issue: There are findings related to security at port 22 after Vulnerability Assessment and Penetration Testing (VAPT). The vulnerabilities are:
1. SSH Weak Algorithms Supported.
2. SSH Server CBC Mode Ciphers Enabled.
3. SSH Weak MAC Algorithms Enabled.
4. SSH Server CBC Mode Ciphers Enabled.
Solution


How to prevent CSRF attack

Sometimes, when one application tries to call another application running on another server, you get an error window with the message "potential CSRF attack". At the same time you will see the following error message in the log files: <BEA-000000> <A request has been denied as a potential CSRF attack.>


How to decrypt WebLogic Datasource Password

You need to copy the datasource password present in the -jdbc.xml file under \config\jdbc to the password variable in the WLST script. Change the path variable to point to your domain.
from weblogic.security.internal import *
from weblogic.security.internal.encryption import *
password = "{AES}0+5YrFk+fD9BFIykr3H+wPsNmPRP/GIOUId7SPqBgNg="
path = "D:/Oracle/Middleware/user_projects/domains/pega7_domain/security"
encryptionService = SerializedSystemIni.getEncryptionService(path)
cService


Weblogic SAML Attribute Mapper Example

It is useful to send custom attributes or tokens in the attribute statement carrying identity information about the authenticated user. This identity information can be further used by the destination site to access services on behalf of the user. To implement a SAML Attribute Mapper on WebLogic Server, you need to


How to check for SSL POODLE / SSLv3 bug on WebLogic? How to fix

Details of the SSL POODLE bug can be found here. We can address it in the following way:
1) Disable SSL 3.0 support in the client.
2) Disable SSL 3.0 support in the server. We can start WebLogic Server with the following JVM option:
-Dweblogic.security.SSL.protocolVersion=TLS1
Ref :- Use specific SSL


Two way SSL Webservice on Weblogic Server

This article provides a sample Webservice and Webservice Client for two-way SSL. It also demonstrates the use of the WLSSSLAdapter class to send certificates to the server.
1. Create a JWS with the following policy: Wssp1.2-2007-Https-ClientCertReq.xml
package examples.webservices.security_jws;
import weblogic.jws.WLHttpTransport;
import weblogic.jws.Policies;
import weblogic.jws.Policy;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.soap.SOAPBinding;
@WebService(name="SecureHelloWorldPortType",


Recommended Best Practices for Securing WebLogic Server

Disable SSL V2, Weak Ciphers, and Null Encryptions
You can use the following JVM options to disable weak ciphers:
-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
-Dweblogic.security.disableNullCipher=true
Steps to disable SSL V2 follow later.
Use Secure Cookies to Prevent Session Stealing
Please refer to this article: link
Configure WebLogic Server to use a Specific Cipher


Testing secure webservice on Weblogic using SOAP UI

Create the certificates for the client using keytool and store them at a location. You can refer to our articles on SSL for more details on how to create keystores. Once the client keystore is created, you need to do the following configuration in SOAP UI.


Database authentication on JBoss EAP 5.0

Step 1: Create tables in the database and insert user, group and role information.
CREATE TABLE USERS ( U_NAME VARCHAR(200) NOT NULL, U_PASSWORD VARCHAR(50) NOT NULL, U_DESCRIPTION VARCHAR(1000)) ;
CREATE TABLE GROUPS ( G_NAME VARCHAR(200) NOT NULL, G_DESCRIPTION VARCHAR(1000) NULL) ;
CREATE TABLE ROLES ( U_NAME VARCHAR(200) NOT NULL,
