DOT NET & J2EE

From: avishver (yram_at_netvision.net.il)
Date: 10/24/03

  • Next message: alexandre: "Terminal Services Auditing?"
    Date: Fri, 24 Oct 2003 17:15:10 +0200 (IST)
    To: focus-ms@securityfocus.com
    
    

    Hello,

      I have an apllication that uses browser on XP for the presentation,travel
       to IIS6 on WIN03 for presentation logic, and ends up on
       IBM Websphere on IBM MainfraMe: EJB's for the business logic.
      The user authenticates against Active Directory 2003 when activating the
    browser.

      Several questions froM security point of view about the
       dot net <--> websphere connection:

       - What are the pros & cons to use MQseries / HTTP / RMI bridge ?
       - What is the practical way to iMpleMent end to end user id propogation:
           kerberos ticket ? ssl client certificate ? plain userid ?
          Note that on the websphere side I would like to use
           role base access control on the EJBs, and yet using the
           authenticated uid for authorization checking.
       - What is the preffered audit MechanisM that will be able to
           give unified audit trail on both environMents.

    Thanks alot

    Avi Shvartz

       
    <<< You can't be a real country unless you have a beer and an >>>
    <<< airline. It helps if you have some kind of a football >>>
    <<< team, or some nuclear weapons, but at the very least you >>>
    <<< need a beer. >>>
    <<< Frank Zappa >>>

    <<<< "Children", I say plainly, "watch out for the baobabs!" >>>>
    <<<< The Little prince by Antoine de Saint Exupery. >>>>

    ---------------------------------------------------------------------------
    FREE Whitepaper: Better Management for Network Security

    Looking for a better way to manage your IP security?
    Learn how Solsoft can help you:
    - Ensure robust IP security through policy-based management
    - Make firewall, VPN, and NAT rules interoperable across heterogeneous
    networks
    - Quickly respond to network events from a central console

    Download our FREE whitepaper at:
    http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
    ---------------------------------------------------------------------------


  • Next message: alexandre: "Terminal Services Auditing?"