OpenEdge Application Server:<br />Administration Techniques to minimize unauthorized access to WebSpeed Messengers

Consider replacing the default filenames and file extensions associated with key WebSpeed files with proprietary (that is, less easily recognizable) names and extensions that you define. This action limits unauthorized personnel’s ability to recognize these files when they display on the URL.

The following list identifies key files and suggests some ways to shield the identify of each file:

Rename the default WebSpeed Messenger filename associated with the messenger type that you are using: cgiip.exe, wsisa.dll, or wsnsa.dll.

Use a file association technique to shield the identity of the default WebSpeed Messenger and broker filenames when they are run. This activity is only supported if you are using a Microsoft Internet Information Web Server (IIS Web Server) on a Windows platform, and your WebSpeed Messenger type is cgiip.exe. This technique allows you to define a file extension that can run an executable. The file extension, which includes the default filenames of the WebSpeed Messenger and broker, obscures the identity of these files as it passes the broker name to the executable that runs them.

For detailed instructions on how to perform this file association technique, refer to the cgiip.wsc file that is shipped with the WebSpeed product.

If you are using a UNIX platform, consider changing the default script name, wspd_cgi.sh, to a less immediately identifiable name to hide the WebSpeed messenger and WebSpeed broker names that the wspd_cgi.sh file contains.