Background
Applications shall not enable the class reloading feature in the Prod Env: it allows modules to be reloaded without further authentication, which violates ISR’s security guideline.
Diagnosis
It can be identified by checking the config file: ibm-web-ext.xmi
If reloadingEnabled = “true” and reloadInterval is not equal to zero, the class reloading feature is ON.
Fix
1. Update ibm-web-ext.xmi
a. set reloadingEnabled to “false”
b. set reloadInterval to “0”
2. Redeploy the EAR
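
The Diagnosis rule and the Fix above can be checked automatically before an EAR is promoted. The following is an added example, not code from the original post. It assumes both attributes sit on the root element of ibm-web-ext.xmi; the sample file content and the function name `reloading_state` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of WEB-INF/ibm-web-ext.xmi (not taken from the post).
SAMPLE_XMI = """<?xml version="1.0" encoding="UTF-8"?>
<webappext:WebAppExtension xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI" xmlns:webappext="webappext.xmi"
    xmi:id="WebAppExtension_1" reloadInterval="3" reloadingEnabled="true">
  <webApp href="WEB-INF/web.xml#WebApp_ID"/>
</webappext:WebAppExtension>"""


def reloading_state(xmi):
    """Classify the reload settings found on the root element (str or bytes).

    "on"        -> reloadingEnabled="true" and reloadInterval != 0 (Diagnosis rule)
    "compliant" -> reloadingEnabled="false" and reloadInterval="0" (the Fix)
    "review"    -> anything else: attribute missing, not a number, or half fixed
    """
    root = ET.fromstring(xmi)
    enabled = (root.get("reloadingEnabled") or "").strip().lower()
    try:
        interval = int((root.get("reloadInterval") or "").strip())
    except ValueError:
        interval = None  # attribute absent or not an integer
    if enabled == "true" and interval not in (None, 0):
        return "on"
    if enabled == "false" and interval == 0:
        return "compliant"
    return "review"


if __name__ == "__main__":
    # Usage: python check_reload.py path/to/ibm-web-ext.xmi [more files...]
    # With no arguments the constructed sample is checked instead.
    results = {}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            results[path] = reloading_state(fh.read())
    if not results:
        results["<constructed sample>"] = reloading_state(SAMPLE_XMI)
    for name, state in results.items():
        print(f"{name}: {state}")
    # Non-zero exit lets a build or deployment step fail on any non-compliant file.
    sys.exit(0 if all(s == "compliant" for s in results.values()) else 1)
```

A "review" result means only one of the two Fix settings is applied or an attribute is missing, so the file does not yet match step 1 of the Fix.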
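This article describes a security measure: disabling the class reloading feature, which can introduce security risk in an application. Setting the reloadingEnabled and reloadInterval parameters in the config file ibm-web-ext.xmi ensures that modules in the production environment are not reloaded without further authentication.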



