2.1 Vendor-specific security information

This section contains security-related information about operating systems, application servers, and databases that are incorporated into your LiveCycle solution.

Use the links in this section to find vendor-specific security information for your operating system, database, and application server.

2.1.1 Operating system security information

When securing your operating system, carefully consider implementing the measures described by your operating system vendor, including these:

  • Defining and controlling users, roles, and privileges

  • Monitoring logs and audit trails

  • Removing unnecessary services and applications

  • Backing up files

For security information about operating systems that LiveCycle supports, see the resources in the this table.

Operating System

Security Resource

IBM® AIX® 5.3 and 6.1

IBM AIX Security Benefits

Microsoft® Windows® XP SP 2 (for non-production environments only)

Windows XP Security Guide

Microsoft Windows 7, 32-bit and 64-bit (for non-production environments only)

Windows 7 Security Guide

Microsoft Windows Server® 2003 Enterprise or Standard Edition

Search for “Windows Server 2003 Security Guide” at Microsoft.com

Microsoft Windows Server® 2008 Enterprise or Standard Edition

Search for “Windows Server 2008 Security Guide” at Microsoft.com

Microsoft Vista™ SP1, all flavors, 32-bit and 64-bit (for non-production environments only)

Search for “Windows Vista Security Guide” at Microsoft.com

Red Hat® Linux® AP or ES

Red Hat Enterprise Linux Security Guide

Sun Solaris 10

System Administration Guide: Security Services

2.1.2 Application server security information

When securing your application server, you should carefully consider implementing the measures described by your server vendor, including these:

  • Using non-obvious administrator user name

  • Disabling unnecessary services

  • Securing the console manager

  • Enabling secure cookies

  • Closing unneeded ports

  • Limiting clients by IP addresses or domains

  • Using the Java™ Security Manager to programmatically restrict privileges

For security information about application servers that LiveCycle supports, see the resources in this table.

Application Server

Security Resource

Oracle WebLogic®

Search for Understanding WebLogic Security at http://download.oracle.com/docs/.

IBM WebSphere®

Securing applications and their environment

Red Hat® JBoss®

Security on JBoss

2.1.3 Database security information

When securing your database, you should consider implementing the measures described by your database vendor, including these:

  • Restricting operations with access control lists (ACLs)

  • Using non-standard ports

  • Hiding the database behind a firewall

  • Encrypting sensitive data before writing it to the database (see the database manufacturer’s documentation)

For security information about databases that LiveCycle supports, see the resources in this table.

Database

Security Resource

IBM DB2® 9.1 or 9.5

DB2 Product Family Library

Microsoft SQL Server 2005 SP2 or 2008

Search the Web for “SQL Server 2005: Security”

Search the Web for “SQL Server 2008: Security”

MySQL 5

MySQL 5.0 General Security Issues

MySQL 5.1 General Security Issues

Oracle® 10g or 11g

See the Security chapter in the Oracle 11g documentation

This table describes the default ports that are required to be open during your LiveCycle configuration process. If you are connecting over https, adjust your port information and IP addresses accordingly. For more information about configuring ports, see the Installing and Deploying LiveCycle document for your application server.

Product or service

Port number

JBoss

8080

WebLogic

7001

WebLogic Managed Server

Set by administrator during configuration

WebSphere

9060, if Global Security is enabled the default SSL port value is 9043.

9080

BAM Server

7001

SOAP

8880

MySQL

3306

Oracle

1521

DB2

50000

SQL Server

1433

LDAP

The port on which the LDAP server is running. The default port is typically 389. However, if you select the SSL option, the default port is typically 636. You must confirm with your LDAP administrator which port to specify.

2.1.4 Configuring JBoss to use a non-default HTTP port

JBoss Application Server uses 8080 as the default HTTP port. JBoss also has pre-configured ports 8180, 8280, and 8380, which are commented out in the jboss-service.xml file. If you have an application on your computer that already uses this port, change the port that LiveCycle uses by following these steps:

  1. Open the jboss-service.xml file in an editor.

    JBoss turnkey install: [JBoss root]/server/lc_turnkey/conf/

    JBoss manual install: [appserver root]/server/all/conf/

  2. Locate and uncomment the following mbean:

    <mbean code="org.jboss.services.binding.ServiceBindingManager"

    name="jboss.system:service=ServiceBindingManager">

    <attribute name="ServerName">ports-01</attribute>

    <attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>

    <attribute name="StoreFactoryClassName">

    org.jboss.services.binding.XMLServicesStoreFactory

    </attribute>

    </mbean>

  3. Save and close the file.

  4. Restart JBoss.

JBoss is now configured to use port 8180. If you need to use either 8280 or 8380, modify the ServerName attribute value to use one of the following alternative ports:

  • For 8280: ports-02

  • For 8380: ports-03

If you need to configure a port number other than those pre-configured for JBoss, perform the following steps:

  1. Locate and open the deploy/jboss-web.deployer file in [JBoss root] (turnkey) or [appserver root] (JBoss manual install).

  2. Locate and uncomment the mbean from step 2 above.

  3. Modify the ServerName value to the port number to use.

  4. Save and close the file.

  5. Restart JBoss.

// Ethnio survey code removed