WebSpeed
Product Update Bulletin
Disable the WebSpeed Messenger Administration Utility
You should prevent access to the WebSpeed Messenger Administration utility when you deploy your WebSpeed applications. It provides information about the NameServer, WebSpeed Broker, WebSpeed Agent, and other components of your system. It can also allow users to access static HTML files.
When enabled in the Development mode, this utility can help you debug problems in a WebSpeed configuration. However, if you leave this utility enabled when you move your system from a Development mode to a Production mode, you expose your system information to unauthorized access.
Ensure that you disable the WebSpeed Messenger Administration utility before you run your WebSpeed applications in Production mode.
NOTE: There is one exception to this guideline. If you are using this utility with the WebSpeed Messenger Administration Internet Protocol List option available in WebSpeed Version 3.1, you can leave the WebSpeed Messenger Administration utility enabled in Production mode.See the following section, "Establish the WebSpeed Messenger Administration Internet Protocol List (Optional)" , for details about using the WebSpeed Messenger Administration utility with the WebSpeed Messenger Administration Internet Protocol List option.
The default setting value for the WebSpeed Messenger Administration utility changed between WebSpeed Version 3.0 and WebSpeed Version 3.1A. Table A–2 compares the default value differences between these two product versions.
Procedure Using the Progress Explorer Tool
To disable the WSMAdmin utility for a WebSpeed Messenger from the Progress Explorer Tool, perform these steps:
- Double click the Messengers folder on the left-hand side of the main Progress Explorer window.
- Right click the specific messenger whose internal commands you want to disable.
- Choose Properties from the shortcut menu. The properties window for the messenger you selected displays.
The CGIIP Properties window below shows the location of the Internal Administration Command - WSMAdmin field with the appropriate box checked.
![]()
- Deselect the check box next to the Internal Administration Command - WSMAdmin field.
- If you are changing this value for either a WSISA or WSNSA Messenger, re-start your web server.
Verify that the Messenger Internal Commands are disabled. You should not be able to access the WSMAdmin utility and its features from a Web browser.
Procedure Using the ubroker.properties File
To disable the internal commands for a WebSpeed messenger from the
ubroker.properties
file, perform these steps:
- Search the file for the AllowsMsngrCmds property. It is located in the properties section that is associated with the specific messenger type that your configuration is using.
For example, if you are using a CGIIP Messenger, the AllowsMsngrCmds property you must set is in the [WebSpeed.Messengers.CGIIP] section.
NOTE: Do not make changes in the [WebSpeed.Messengers] section because they will not affect this property.- Set the property value to 0 to disable the WebSpeed Messenger Administration utility commands.
Verify that the Messenger Internal Commands are disabled. You should not be able to access the WSMAdmin utility and its features from a web browser.
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |