how to fix Vulnerability number:34850 Web Server Uses Basic Authentication Without HTTPS
Answered
how to fix Vulnerability number:34850 Web Server Uses Basic Authentication Without HTTPS
how to fix Vulnerability number:34850 Web Server Uses Basic Authentication Without HTTPS
Hi Sunith,
Ok so this isn't a product problem that can be fixed via code, it's just a matter of configuring your environment to enable HTTPS. This is done at the application server level (e.g Tomcat). We do have some guidance here, however please keep in mind this level of configuration lies outside of application support so further assistance will need to be provided via our consulting channel.
In saying this, I know BMC already has a few platforms with HTTPS enabled so think an easy out is to ask your team to assist, as what you're after has already been done ;) .
Hope this helps and please let me know if you need any further guidance.
Regards,David
Hi Sunith,
Ok so this isn't a product problem that can be fixed via code, it's just a matter of configuring your environment to enable HTTPS. This is done at the application server level (e.g Tomcat). We do have some guidance here, however please keep in mind this level of configuration lies outside of application support so further assistance will need to be provided via our consulting channel.
In saying this, I know BMC already has a few platforms with HTTPS enabled so think an easy out is to ask your team to assist, as what you're after has already been done ;) .
Hope this helps and please let me know if you need any further guidance.
Regards,David
Hi Sunith,
Can I confirm this is the article you're referring to? Web Server Uses Basic Authentication Without HTTPS
If so, is there a reason to believe that there is a different solution?
I'm no security experts by any means, though my interpretation of the article is that this is 'just how it is' as it was created in 2008, and updated again in 2016, though nothing since.
Thanks,David
Hi Sunith,
Can I confirm this is the article you're referring to? Web Server Uses Basic Authentication Without HTTPS
If so, is there a reason to believe that there is a different solution?
I'm no security experts by any means, though my interpretation of the article is that this is 'just how it is' as it was created in 2008, and updated again in 2016, though nothing since.
Thanks,David
Hi David,
I mean this is correct, what I need to know is whether this problem can be fixed or how it should be fixed.
Thank you,
Sunhith
Hi David,
I mean this is correct, what I need to know is whether this problem can be fixed or how it should be fixed.
Thank you,
Sunhith
Hi Jeff,
I hope all is well and apologies for the late response in acknowledging your comments... Going forward and as you are aware this isn't a product problem of which lies outside of the Yellowfin application support, however I have kept this Question active and public to anyone who has looked at this and came a cross this before so that they can have their 5 cents on this.
Regards,
Mark
Hi Jeff,
I hope all is well and apologies for the late response in acknowledging your comments... Going forward and as you are aware this isn't a product problem of which lies outside of the Yellowfin application support, however I have kept this Question active and public to anyone who has looked at this and came a cross this before so that they can have their 5 cents on this.
Regards,
Mark
Replies have been locked on this page!