Limitations of the -b supply option

Understand the limitations of the -b supply option to secure servers properly.

The same Security Verify Access dummy password is used for all requests; all users have the same password in the back-end server registry. The common dummy password offers no basis for the application server to prove the legitimacy of the client that is logging in with that user name.

If clients always go through WebSEAL to access the back-end server, this solution does not present any security problems. However, it is important to physically secure the back-end server from other possible means of access.

Because this scenario has no password-level security, the back-end server must implicitly trust WebSEAL to verify the legitimacy of the client.

The back-end server registry must also recognize the ISAM identity in order to accept it.
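
The following added example (not part of the original documentation and not IBM code) sketches a back-end check in Python for this limitation: because every user arrives with the same dummy password in the HTTP Basic Authentication header, the asserted user name is accepted only when the connection comes from WebSEAL. The peer address, the dummy password value, and all function names are assumptions made for illustration; the address allow-list stands in for whatever control restricts access to the back-end server.

```python
import base64
import hmac
import ipaddress

# Assumptions for this sketch (constructed values, not taken from the product):
TRUSTED_WEBSEAL_PEERS = {ipaddress.ip_address("10.0.0.5")}  # WebSEAL host(s)
DUMMY_PASSWORD = "example-dummy-passwd"  # placeholder for the shared password


def parse_basic(header):
    """Return (user, password) from a Basic Authorization header, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None


def accept_identity(peer_ip, authorization):
    """Return the asserted user name only if the request came from WebSEAL."""
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    if peer not in TRUSTED_WEBSEAL_PEERS:
        return None  # the header content alone proves nothing about the client
    creds = parse_basic(authorization or "")
    if creds is None:
        return None
    user, password = creds
    if not hmac.compare_digest(password.encode(), DUMMY_PASSWORD.encode()):
        return None
    return user


def basic_header(user, password=DUMMY_PASSWORD):
    """Build a header value; used here only to construct sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

The password field is identical for every user, so the only thing separating a request forwarded by WebSEAL from one sent directly to the back-end server is where the connection originates.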
