Web application security warnings in the OAC

If one or more security vulnerabilities exist, an alert message is shown that recommends enabling or disabling certain settings whose current state is not intended for production systems. Depending on your configuration, the following warnings could be displayed when logging in:

  • Security is disabled. Consider enabling application security on WebSphere® Application Server.
  • The SQL button is enabled. For security reasons, this is not recommended in a production environment.
  • You have IBM® development permissions. This is not recommended in a production environment.
  • User Trace is enabled. For security reasons, consider disabling it in a production environment.
  • Alerts auto refresh is enabled. Note that using the auto reload function exposes a slight security risk in that your web session might not expire if the Alerts page is left open.

In addition to the dialog shown at login, an alert warning icon is displayed in the header; the user can hover over it or double-click it for a reminder of these security recommendations.

For more information on how to configure application security and remove IBM development permissions, see OAC Security. The section on Environment entries and resources describes how to disable the User Trace, Alerts auto refresh and the SQL button. Alternatively, if you wish to ignore these warnings, the suppressSecurityWarnings environment entry can be set to true to suppress them.