tags:

views:

414

answers:

1
+1  Q: 

HTTP input filter like mod_security for WebSphere?

Does WebSphere offer an HTTP input filter / firewall like mod_security?

I know that it's possible to have Apache be the HTTP server front-end to WebSphere, but that type of configuration is beyond my influence. We're stuck using just what WebSphere itself can do.

EDIT - To clarify, I am not looking for authentication, authorization, or non-repudiation aspects of security here. I want a rule-based HTTP firewall like mod_security that works on WebSphere.

Also, I know that in version 1.x, there was a partial implementation of mod_security in Java. We currently have a custom, in-house solution that is a work-alike, but less arbitrarily configurable. Thanks!

+1  A: 

J2EE has a standard way of securing it's apps. I recommend using this. If what you are trying to do is oddball, you could look at Custom User Registries (IBM specific), or implement a custom system all together with Servlet Filters.

Konrad  2008-10-20 23:55:08
Thanks for your response. We have currently implemented filtering using Servlet Filters. However, we are not in the HTTP input filtering business, so I'd rather use a prepackaged solution like mod_security.
shadit  2008-10-21 21:08:56

related questions

Why does this remote script cause IE6 to hang?
Should I sanitize HTML markup for a hosted CMS?
HTML/Javascript app that runs on the filesystem, security issue
Gracefully closing a frame (toolbar) around an iframe
What's the best method for sanitizing user input with PHP?
How do you htmlencode using html agility pack?
XSS Blacklist - Is anyone aware of a reasonable one?
Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
What percentage of my time will be spent in user input verfication during web development?
How do you allow the usage of an <img> while preventing XSS?
What are the best practices for avoid xss attacks in a PHP site
How do use fckEditor safely, without risk of cross site scripting?
Will HTML Encoding prevent all kinds of XSS attacks?
Inform potential clients about security vulnerabilities?
Best Practice: Legitimate Cross-Site Scripting
Access to restricted URI denied code: 1012
How do you set up use HttpOnly cookies in PHP
When is it Best to Sanitize User Input?
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
Communicating between websites (using Javascript or ?)
Best regex to catch XSS (Cross-site Scripting) attack (in Java)?
Sanitising user input using Python
Catching SQL Injection and other Malicious Web Requests