The Web Transaction Server is a Hypertext Transfer Protocol (HTTP) Web server that provides Web access to MCP files and applications. Because Web Transaction Server is an entry point into the MCP environment, there are several security issues to consider.
Web Transaction Server supports the following authentication methods to identify clients as MCP users; that is, as users who are identified in the USERDATAFILE:
- HTTP Basic
- NTLM and NTLMv2
- Kerberos
Access to files and applications can be restricted with the following requirements:
- Clients must use SSL basic or SSL (128 bit and higher).
- Clients must have valid SSL certificates.
- Clients must come from certain IP address ranges only.
- Anonymous access (no restrictions applied) can be set.
Access options for file directories can be limited to the following:
- Read only
- Read/Write
- No access
MCP permanent directories are also supported, which can further control access. Other restrictions that can be applied are the following:
- Require MCP user privileges to access files.
- Restrict access to MCP applications to valid MCP users only (otherwise, anonymous access is allowed and applications can implement their own security).
- Support and enforce the MCP LOGONATTEMPTS setting, in which clients can be locked out based on the number of failed attempts to log on or by their IP address.
- Implement custom SECURITYSUPPORT libraries.

