31
OD/WEK & JAVA API / REST & ODWEK
« on: October 22, 2015, 09:35:44 AM »
Has anyone built a solution using REST with ODWEK? I'm curious to hear from anyone who has some experience doing this.
-JD.
-JD.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
32
Report Indexing / arsload not handling character removal / defaults properly -- aka ARS1129E
« on: September 30, 2015, 06:47:11 AM »
Hey everyone. 
I'm indexing a report with a standardized header used for a dozen different report types. The problem is, for a subset of those report types, one of the date fields isn't populated. And that would normally be fine, but arsload doesn't appear to be using the default value I've specified, even when I feel it should be.
When the field is empty, and I don't do any character removal, I get:
Fine. It found some spaces where there should have been some numbers. So I changed the Application configuration under the 'Load Information' tab to remove all leading, trailing, and embedded spaces. So I run the report again, and I get:
So it's done the right thing in terms of character removal, resulting in a blank/null/zero-length value. I would expect that when faced with a null value, that CMOD would substitute the default value, and load the data. No such luck.
I'm kinda out of ideas for this. I was thinking of adding a field mask for the date value, but I suspect it would just cause indexing to fail immediately when it doesn't find data matching that mask.
Any assistance would be greatly appreciated, as always.
-JD.
I'm indexing a report with a standardized header used for a dozen different report types. The problem is, for a subset of those report types, one of the date fields isn't populated. And that would normally be fine, but arsload doesn't appear to be using the default value I've specified, even when I feel it should be.
When the field is empty, and I don't do any character removal, I get:
Code: [Select]
ARS1129E Row 1: The string " " could not be converted to a date from the format of %m/%d/%Y.Fine. It found some spaces where there should have been some numbers. So I changed the Application configuration under the 'Load Information' tab to remove all leading, trailing, and embedded spaces. So I run the report again, and I get:
Code: [Select]
ARS1129E Row 1: The string "" could not be converted to a date from the format of %m/%d/%Y.So it's done the right thing in terms of character removal, resulting in a blank/null/zero-length value. I would expect that when faced with a null value, that CMOD would substitute the default value, and load the data. No such luck.
I'm kinda out of ideas for this. I was thinking of adding a field mask for the date value, but I suspect it would just cause indexing to fail immediately when it doesn't find data matching that mask.
Any assistance would be greatly appreciated, as always.
-JD.
33
Report Indexing / Discarding Alignment Pages from old Mainframe output
« on: August 26, 2015, 08:08:18 AM »
The longer I live, the more I see things from before I was born.
I'm trying to index a report that has a four-page-long "Alignment Header" -- a format template with X's and 9's and Z's where the data should be, so that the printer operators could print and align the output being printed on what I can only assume are old chain printers.
I'll try and attach a screen shot so you can see what I'm talking about.
Does anyone have any idea on how to discard these from being indexed in CMOD?
Thanks!
-JD.
EDIT:
Two things:
The reason I can't use Trigger trickery to fix this is because all the triggers are in the precise locations they should be, it's the data that's all masked as X's. This includes setting the 'INDEXSTARTBY' value to a higher number, because again, the triggers find everything they need in order to begin.
I've also tried doing character removal on certain fields, and setting defaults. That doesn't seem to work at all. The switch 'flicks' in the direction of character removal, and doesn't set a default value, because it found something at all.
I'm trying to index a report that has a four-page-long "Alignment Header" -- a format template with X's and 9's and Z's where the data should be, so that the printer operators could print and align the output being printed on what I can only assume are old chain printers.
I'll try and attach a screen shot so you can see what I'm talking about.
Does anyone have any idea on how to discard these from being indexed in CMOD?
Thanks!
-JD.
EDIT:
Two things:
The reason I can't use Trigger trickery to fix this is because all the triggers are in the precise locations they should be, it's the data that's all masked as X's. This includes setting the 'INDEXSTARTBY' value to a higher number, because again, the triggers find everything they need in order to begin.
I've also tried doing character removal on certain fields, and setting defaults. That doesn't seem to work at all. The switch 'flicks' in the direction of character removal, and doesn't set a default value, because it found something at all.
34
Report Indexing / How do you index reports with no index fields in them?
« on: August 07, 2015, 05:14:28 AM »
Hey folks.
I've got a report that's basically a pipe-delimited dump of a database table. There's no usable header or index values inside it.
I know I can pick up date fields from the file name, or write a script to build a generic index file, but I'm just wondering if anyone has any other methods for indexing reports without any usable fields inside them.
Thanks for your advice!
-JD.
I've got a report that's basically a pipe-delimited dump of a database table. There's no usable header or index values inside it.
I know I can pick up date fields from the file name, or write a script to build a generic index file, but I'm just wondering if anyone has any other methods for indexing reports without any usable fields inside them.
Thanks for your advice!
-JD.
35
Whitepapers and product presentation materials / Vendor Code of Conduct
« on: April 21, 2015, 11:55:48 AM »
Vendor Code of Conduct for the OnDemand User Group
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
36
Workshops/webinars, and the like / Vendor Code of Conduct
« on: April 21, 2015, 11:55:01 AM »
Vendor Code of Conduct for the OnDemand User Group
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
37
Miscellanie / Vendor Code of Conduct
« on: April 21, 2015, 11:54:29 AM »
Vendor Code of Conduct for the OnDemand User Group
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
The OnDemand User Group ("ODUG") is a non-corporate, non-profit organization, focused on distributing and exchanging information on IBM's Content Manager OnDemand ("CMOD") software, exclusively for the benefit of its members. ODUG does not sell, rent, or otherwise distribute its members contact information for any purpose, ever.
While vendors (i.e. organizations or individuals who are not direct licensees, but whose interest in CMOD is primarily commercial, or on behalf of a third party) are welcome to join, participate, and attend ODUG events, they are expected to adhere to the following guidelines:
1) No advertising / solicitation will be permitted outside the Vendor Forum. All notification of events / webinars / product and/or service announcements will be limited to the Vendor Forum. For the safety/security of ODUG Users, please post direct links for users -- no URL-shortening tools that obfuscate the actual destination website.
2) Vendors are welcome to participate in the other ODUG Forums. All users should have individual accounts. A single 'corporate account' for all members of a vendor's team is NOT recommended. This is an opportunity for vendors to highlight the skill of their technical team, show their professionalism, and contribute back to the CMOD community.
3) Vendors are allowed to have a small, unobtrustive 'signature' attached to their posts that includes personal, individual contact information (not a switchboard, sales department, or "group inbox"), with a single line either mentioning the company name, or services offered. No corporate logos, graphics in signatures, or company-logos-as-avatar-images are permitted.
Adherence to this Code of Conduct is mandatory for all vendors who use the ODUG Forums. Contraventions of this Code of Conduct will be dealt with by any measures the ODUG Board of Directors sees fit. This includes, but is not limited to: Written warnings, including notification of the deletion of posts & replies, temporary or permanent suspension of Forum accounts (including other individual accounts from the same vendor), or the banning of a vendor's domain from membership.
This Code of Conduct is subject to change without notice, and new versions can be implemented by a simple majority at any regularly scheduled ODUG Board of Director's Meeting. New and/or updated versions of the Vendor Code of Conduct will be posted publicly on the ODUG Forums, and will be effective the day they are posted.
38
MP Server / Segfault in arslog...
« on: April 08, 2015, 07:54:15 AM »
This is one of the weirdest things I've ever seen.
One of my current customers is using arslog to write some of their log files to a text file so it can be parsed. Occasionally, this script will end with a 'segmentation fault' during a load, leading to warnings and alerts -- but there was nothing wrong with the load (and, in fact, it appears as having been successfully loaded in the System Log).
What makes this weird is that the shell script is so very, very basic...
Now, I've checked the -a, -m, and -u options in ksh, and none of them seem terribly useful in this situation, but I'd like to have a better idea of what's going on before I start changing things...
Can anyone share some insight into what's going on here?
Thanks!
-JD.
One of my current customers is using arslog to write some of their log files to a text file so it can be parsed. Occasionally, this script will end with a 'segmentation fault' during a load, leading to warnings and alerts -- but there was nothing wrong with the load (and, in fact, it appears as having been successfully loaded in the System Log).
What makes this weird is that the shell script is so very, very basic...
Code: [Select]
#/bin/ksh
set -a
set -u
set -m
print $1,$2,$3,$4,$5,$6,$7,$8 >> /var/log/sys.log
exit 0
Now, I've checked the -a, -m, and -u options in ksh, and none of them seem terribly useful in this situation, but I'd like to have a better idea of what's going on before I start changing things...
Can anyone share some insight into what's going on here?
Thanks!
-JD.
39
WEBI interface / Anyone using IBM Content Navigator with Tomcat?
« on: April 07, 2015, 09:21:17 AM »
I've got a customer that wants ICN, but would like to integrate it into their existing web application infrastructure -- which is all based on Apache Tomcat.
Any info would be greatly appreciated -- even if it's just a 'me too' -- so that we can do an enhancement request.
Thanks.
-JD.
Any info would be greatly appreciated -- even if it's just a 'me too' -- so that we can do an enhancement request.
Thanks.
-JD.
40
Announcements & News / SECURITY BULLETIN: IBM Content Navigator
« on: April 02, 2015, 05:32:08 AM »
There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).
Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input
http://www-01.ibm.com/support/docview.wss?uid=swg21700205
Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21696244
Here's the FixPack announcement:
http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html
Stay safe!
-JD.
Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input
http://www-01.ibm.com/support/docview.wss?uid=swg21700205
Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21696244
Here's the FixPack announcement:
http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html
Stay safe!
-JD.
41
Report Indexing / Multiple reports inside a single file...
« on: March 25, 2015, 07:39:55 AM »
I have a strange situation where a customer is generating a half dozen reports, then concatenating them, and transferring them to CMOD to be loaded. (This is a migration from FileNet Image Services, which apparently used to support this feature.)
Has anyone managed to load this type of file, and still keep the Application definitions intact? It appears that the reports all have the same format, so it should be possible to re-use the ACIF defintions -- but I'm not sure how to capture the report name and have it populated in the AppID field, so that it's available to the end user as a pop-up menu in the CMOD client (or via ICN).
Any insight would be greatly appreciated.
-JD.
Has anyone managed to load this type of file, and still keep the Application definitions intact? It appears that the reports all have the same format, so it should be possible to re-use the ACIF defintions -- but I'm not sure how to capture the report name and have it populated in the AppID field, so that it's available to the end user as a pop-up menu in the CMOD client (or via ICN).
Any insight would be greatly appreciated.
-JD.
42
MP Server / SECURITY BULLETIN: GSKit vulnerable to POODLE attack
« on: December 17, 2014, 07:11:43 PM »
Link to the IBM Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21693181&myns=swgimgmt&mynp=OCSSEPCD&mync=E&cm_sp=swgimgmt-_-OCSSEPCD-_-E
Text of the Bulletin:
Summary
Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects Content Manager OnDemand for Multiplatforms
Vulnerability Details
CVE-ID: CVE-2014-8730
DESCRIPTION:
Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99216 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM Content Manager OnDemand for Multiplatforms V8.5, V9.0, and V9.5
Remediation/Fixes
None
Workarounds and Mitigations
You should verify applying this configuration change does not cause any compatibility issues.
Instructions:
1.) Upgrade to the GSKit to version 9.0.14.25 or newer. Contact IBM Content Manager OnDemand Level 2 to obtain newer versions of the GSKit.
2.) Set the environment variable GSK_STRICTCHECK_CBCPADBYTES for the Library Server:
a.) For a Content Manager OnDemand for Multiplatforms Library Server on Unix or Linux
- Add the environment variable GSK_STRICTCHECK_CBCPADBYTES=1 and export it.
- Restart the Content Manager OnDemand Server with that environment variable set.
b) For a Content Manager OnDemand for Multiplatforms Library Server on Windows:
- Create a new system environment variable GSK_STRICTCHECK_CBCPADBYTES=1 using System Properties/Advanced/Environment Variables
- Restart the CMOD Server.
---- End
It appears that you'll only be vulnerable to this attack on SSL/TLS if your CMOD server is configured to enable SSL support.
-JD.
http://www-01.ibm.com/support/docview.wss?uid=swg21693181&myns=swgimgmt&mynp=OCSSEPCD&mync=E&cm_sp=swgimgmt-_-OCSSEPCD-_-E
Text of the Bulletin:
Summary
Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects Content Manager OnDemand for Multiplatforms
Vulnerability Details
CVE-ID: CVE-2014-8730
DESCRIPTION:
Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99216 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM Content Manager OnDemand for Multiplatforms V8.5, V9.0, and V9.5
Remediation/Fixes
None
Workarounds and Mitigations
You should verify applying this configuration change does not cause any compatibility issues.
Instructions:
1.) Upgrade to the GSKit to version 9.0.14.25 or newer. Contact IBM Content Manager OnDemand Level 2 to obtain newer versions of the GSKit.
2.) Set the environment variable GSK_STRICTCHECK_CBCPADBYTES for the Library Server:
a.) For a Content Manager OnDemand for Multiplatforms Library Server on Unix or Linux
- Add the environment variable GSK_STRICTCHECK_CBCPADBYTES=1 and export it.
- Restart the Content Manager OnDemand Server with that environment variable set.
b) For a Content Manager OnDemand for Multiplatforms Library Server on Windows:
- Create a new system environment variable GSK_STRICTCHECK_CBCPADBYTES=1 using System Properties/Advanced/Environment Variables
- Restart the CMOD Server.
---- End
It appears that you'll only be vulnerable to this attack on SSL/TLS if your CMOD server is configured to enable SSL support.
-JD.
43
MP Server / Database-level security in DB2...
« on: April 28, 2014, 07:09:59 AM »
Hi everyone.
I've got a customer with two requirements for DB2 with CMOD.
1) Kerberos authentication to the database so it integrates into the enterprise authentication system.
2) Encryption of data-in-transit to and from the database.
Do you have any experience with this sort of high-security setup in DB2 with CMOD? Care to share any insight or experiences?
Thanks!
-JD.
I've got a customer with two requirements for DB2 with CMOD.
1) Kerberos authentication to the database so it integrates into the enterprise authentication system.
2) Encryption of data-in-transit to and from the database.
Do you have any experience with this sort of high-security setup in DB2 with CMOD? Care to share any insight or experiences?
Thanks!
-JD.
44
MP Server / Is anyone using TSM 7.1 yet?
« on: April 21, 2014, 08:27:27 AM »
I'm considering installing TSM 7.1 at a customer site, but wondered if anyone else has tried it with CMOD 8.5.x or 9.0.x.
Thanks in advance!
-JD.
Thanks in advance!
-JD.
45
Announcements & News / SECURITY BULLETIN: Content Navigator
« on: February 27, 2014, 09:38:36 AM »
IBM has announced several security issues with IBM Content Naviagator ("ICN") versions 2.0.0 through 2.0.2:
http://www.ibm.com/support/docview.wss?uid=swg21665358
http://www.ibm.com/support/docview.wss?uid=swg21665360
http://www.ibm.com/support/docview.wss?uid=swg21665361
http://www.ibm.com/support/docview.wss?uid=swg21665362
The advice in all cases is to upgrade to FixPack 2.0.2.2-ICN-FP002.
-JD.
http://www.ibm.com/support/docview.wss?uid=swg21665358
http://www.ibm.com/support/docview.wss?uid=swg21665360
http://www.ibm.com/support/docview.wss?uid=swg21665361
http://www.ibm.com/support/docview.wss?uid=swg21665362
The advice in all cases is to upgrade to FixPack 2.0.2.2-ICN-FP002.
-JD.