Security Guide for Siebel eBusiness Applications > Changing or Adding Passwords >
Adding a Password for Updating Web Server Static Files
As part of the installation hardening process, it is recommended that administrators define a password for updating cached images and other Siebel application-related static files on the Web server. Each time the Siebel administrator restarts the Web server, the Siebel Web Server Extension (SWSE) contacts the Siebel Server and refreshes these static files. Administrators may find that entering a URL command is a more efficient way to refresh the files, particularly when multiple Web servers are deployed. NOTE: Setting a password allows only Siebel administrators to refresh the cached static files on your Web server by accessing updated files originally placed on the Siebel Server. If you do not set a password, any unauthorized user could invoke the SWE command UpdateWebImages to update these files.
To add the Web update password, do one of the following:
If password encryption for the eapps.cfg file is in effect (EncryptedPassword = TRUE ), then SWSE configuration automatically stores the specified Web update protection key as an encrypted value for the WebUpdatePassword parameter. If you manually edit the eapps.cfg file, then you must use the encryptstring utility to generate an encrypted version of the password to store in the file. If EncryptedPassword = FALSE , passwords are not stored as encrypted values. In this case, passwords must not be entered as encrypted values. For more information about password encryption for the eapps.cfg file, and about the encryptstring utility, see theManaging Encrypted Passwords in the eapps.cfg File. For more information about managing Web images and other files for your Siebel applications, see Configuring Siebel eBusiness Applications. To edit the eapps.cfg file to configure the Web update password
- The Web public root directory (the location of Web file caching for Siebel applications) is set automatically when you run the SWSE configuration utility. Or, you can specify it by adding a line in each application section of the eapps.cfg file. For example, to specify the Web public root directory for Siebel eService (for a Web server on a Windows machine), add a parameter like this:
[/eservice_enu] WebPublicRootDir = SWEAPP_ROOT\public\LANGUAGE
where SWEAPP_ROOT is the SWSE installation directory, such as D:\sea77\SWEApp, and LANGUAGE is the application language, such as ENU for U.S. English. Files will be copied to this location from all of the language-specific subdirectories of the directory SIEBSRVR_ROOT/webmaster, where SIEBSRVR_ROOT is the Siebel Server installation directory.
NOTE: The directory structure on the Web server is parallel to that on the Siebel Server, except that the files are moved up from their original language-specific subdirectories. For example, files would be copied from SIEBSRVR_ROOT\webmaster\files\enu and SIEBSRVR_ROOT\webmaster\images\enu to SWEAPP_ROOT\public\enu\files and SWEAPP_ROOT\public\enu\images.
It is recommended to set WebPublicRootDir the same for all applications for a given language, in order to conserve disk resources on the Web server.
- The Web update protection key (Web update password) can be set using the SWSE configuration utility. Or, you can specify it by adding a line in each application section of the eapps.cfg file. For example, to specify a Web update password for Siebel eService, add a parameter like this:
[/eservice_enu] WebUpdatePassword = abcdef
NOTE: Typically, password encryption is in effect for the eapps.cfg file, as described in Managing Encrypted Passwords in the eapps.cfg File.
Siebel administrators can then use this password to update cached static files from a browser, without restarting the Web server. For example, specify a URL like the following. (Specify the password in clear text form, whether or not encryption is used.) http://hostname/eservice/start.swe?SWECmd=UpdateWebImages&SWEPassword=abcdef
|