Enterprise Business Portals with IBM Tivoli Access Manager

by Axel Buecker, Chris Eric Friell, Armando Lemos, Rick McCarty, Jani Perttila, Dieter Riexinger, Andreas Schmengler
September 2002
Content level: Intermediate to advanced
612 pages
15h 30m
English
IBM Redbooks
Content preview from Enterprise Business Portals with IBM Tivoli Access Manager
Chapter 6. WebSphere application integration 137
Suppose now that we have an attacker who is a legitimate user of some other
part of the system. This attacker can impersonate any other user by creating a
packet with his own user ID and password in the BA header and any other user's
ID in the iv-user header. WebSphere will bind to LDAP and use the attacker's ID
to authenticate the traffic. The user ID in the iv-user header is then used to
authorize access to a protected WebSphere resource. This is not a good situation
if the protected resource is, for example, a payroll system.
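The weakness described above is that any identity able to authenticate in the BA header is treated as entitled to assert iv-user. As an added example (not from the book or from IBM code), the check below honours iv-user only when the BA identity is the one account reserved for the proxy; the account name `webseal-tai`, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64

# Assumption: the single account the proxy presents in the BA header (constructed name).
TRUSTED_PROXY_ID = "webseal-tai"


def basic_auth_user(authorization):
    """Return the user ID from a Basic Authorization header, or None if malformed."""
    if not authorization:
        return None
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep and user else None


def evaluate(headers):
    """Return (decision, reason): may the iv-user header be honoured?"""
    # Password checking against LDAP happens elsewhere; this only pins which
    # authenticated identity is allowed to assert iv-user at all.
    h = {k.lower(): v for k, v in headers.items()}
    iv_user = h.get("iv-user")
    if iv_user is None:
        return ("no-assertion", "no iv-user header present")
    ba_user = basic_auth_user(h.get("authorization"))
    if ba_user is None:
        return ("reject", "iv-user present without a valid BA header")
    if ba_user != TRUSTED_PROXY_ID:
        return ("reject", f"iv-user {iv_user!r} asserted by non-proxy ID {ba_user!r}")
    return ("trust", f"iv-user {iv_user!r} asserted by the proxy ID")


def _ba(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample requests (header dicts), not captured traffic.
SAMPLES = {
    "via_proxy": {"Authorization": _ba("webseal-tai", "proxy-pw"), "iv-user": "alice"},
    "mismatch": {"Authorization": _ba("mallory", "own-pw"), "IV-User": "payroll-admin"},
    "no_ba": {"iv-user": "alice"},
    "plain": {"Authorization": _ba("bob", "bob-pw")},
}
```

A "reject" on the mismatch case is also worth logging, since a valid login paired with someone else's iv-user value is exactly the pattern the paragraph describes.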
Using TAI without a -b supply junction
The new and current version of
ISBN: 0738425176