I am testing the web server of NetView6.0, on AIX 4.3.2. I followed the
steps described in the release notes to start the web server. And the web
client is started as an application, not from the web browser. The
necessary web client account is also created. Things are running.
The questions here are some secutiy considerations:
1. Does the Jetty web server has some kind of access control over the
client IP address? e.g, only IP within a certain range can access the web
server?
2. Does the Jetty web server has restrictions on maximum failed login, so
that it can prevent "hackers" from endless trying?
3. What is the maximum number of simultaneous sessions that one user can
open with the web server, using the same user/password as defined in
Realms.prp?
4. Which file is the log file of all those security violcation records? The
jetty.log is only ordinary web access log, it doesn't record much
information. Or how can I configure the web server to record the
violations?
And, where can I find more information about the the configuration of web
server in Version 6, besides the release notes?
Thanks,
Ma Hong Bo
IBM Global Services, Singapore
|