|
|
|
|
|
|
Administering Operating System (OS) Security
In addition to BEA Tuxedo system security, the application administrator needs to take full advantage of the security features of the host operating system to control access to files, directories, and system resources.
Most BEA Tuxedo applications are managed by an application administrator who configures and boots the application, monitors the running application, and makes changes to it dynamically, as necessary. Because the application is started and run by the administrator, server programs are run with the administrator's permissions and are therefore considered secure or "trusted." This working method is supported by the login mechanism and the read and write permissions on the files, directories, and system resources provided by the underlying operating system.
Clients, on the other hand, are not started by the administrator. Instead, they are run directly by users with their own permissions. As a result, clients are not trusted.
In addition, users running native clients (that is, clients running on the same machine on which the server is running) have access to the configuration file and interprocess communication (IPC) mechanisms such as the bulletin board (in shared memory). Users running native clients always have such access, even when additional BEA Tuxedo system security is configured.
Recommended Practices for OS Security
As the administrator, you can improve operating system security by observing the following general rules:
|
|
|
|
|
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|