Security Guide for Siebel eBusiness Applications > Configuring for Security: Overview >

Adding a Password for Updating Web Server Images

As part of the installation hardening process, it is recommended that administrators define a password for updating cached images on the Web server.

Each time the Siebel administrator restarts the Web server, the Web server contacts the Siebel Server and refreshes these images. However, administrators may find that entering this password in a command line is a more efficient way to perform image file refresh, particularly when deploying multiple Web servers.

Setting a password allows only Siebel administrators to refresh the application image files on your Web server by accessing updated images placed on the Siebel Server. If you do not set a password, an unauthorized user could invoke the UpdateWebImages command to update Web images.

To add this password:

To edit the eapps.cfg file

  1. In the [SWE] section of the eapps.cfg file, add a line to specify the location of the Web image caching. For example, if you specify:

    2. WebPublicRootDir=m:\v752\eapps\public_enu

    then the Web images root directory would be in the images subdirectory (m:\v752\eapps\public_enu\images).

    The image root of the Siebel Server is fixed. For example, if the client root is set as m:\752, then the image root is m:\752\images.

  2. Add a line to specify the Web update password. For example:

    3. WebUpdatePassword=abcdef

    Siebel administrators can then use this password to renew the image cache from a command line, without restarting the Web server. For example:

    http://host/eservice/start.swe?SWECmd=UpdateWebImages&PWEPassword=abcdef


 Security Guide for Siebel eBusiness Applications 
 Published: 23 June 2003