Security

Since years i think that the Internet Lockout Feature of IBM Domino is not enough. The function is documented here: IBM Domino Administrator Help Cite of this document: There are some usage restrictions for Internet password lockout: You can only use Internet password lockout with Web access. Other Internet protocols and services, such as LDAP, POP, IMAP, DIIOP, IBM® Lotus® Quickr®, and IBM Sametime® are not currently supported. However, Internet password lockout can be used for Web access if the password that is used for authentication is stored on an LDAP server So documentation tells us, that only HTTP can be secured through inetlockout.

I started a new project on OpenNTF for the collection of scripts we created to speed up and simplify WebSphere and Connections Administration. Link to this project: Administration Scripts for WebSphere In the moment most of documentation is only as comment in these scripts. Descriptions can be found in Github and Scripting101 . Highlights J2EE Security Role Backup and Restore Set initial Security Roles for Connections Applications (Author: Klaus Bild ) Documentation When you want to start with this collection, copy the jython script to your Deployment Manager bin-folder ($WAS_HOME/profiles/Dmgr01/bin) and call the scripts with wsadmin.sh -f scriptname I will create more documentation in the next days.

Preamble Before i begin with my securing article, i want to say something on security on IBM Connections. Mainly i don’t like the thing, that IBM only support very special versions of software. So we must use WebSphere 7.0.0.21, DB2 9.7.0.5, IHS 7.0.0.11 and so on. Each product had updates the last months and i think we won’t get support when we use other versions. So i have to chances. On the first side i can update my software to limit vulnerabilities and get perhaps no support, or i will have vulerable software with support. Just my 2 cent and i hope i will get answer, if i will get support with higher program versions.