In one of our applications, my developer requested to enable the below two debug flags for security concerns. What is the use of enabling the below two debug flags? Is it only to get specific security errors, since WebLogic 10.3.6 has obfuscated all the specific security errors and just raises an Unknown Exception error for all the security failures?

-Dweblogic.wsee.security.debug=true -Dweblogic.wsee.security.verbose=true

Is there any way that we can get the required result by using only one of the above two Debug flags or another instead of these two flags?

user2014111
1 Answer

This is fine for debug purposes but not for a production application - your weblogic logs will contain mountains of information you would not want to reveal in a production environment.

These should only be set as JAVA_OPTIONS in something like setDomainEnv.cmd as a temporary measure to debug and then turned off at a later time. And since it should only be used for debug, there is no real reason not to use both.

There are many other logging options within weblogic, for instance if you're having security issues with your webapp you may want to turn up:

Security Realms -> Providers -> Auditing -> DefaultAuditor -> Provider Specific 

to get more authentication logging info.

Display Name is missing
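A check for the "turn off at a later time" step in the answer above, as an added example that is not part of the original question or answer: it scans the text of a domain start script for the two flags still set to true on a live (non-commented) line. The function name, the comment prefixes handled (`rem`, `@rem`, `::` for .cmd and `#` for .sh) and the sample script fragment are assumptions made for illustration.

```python
import re

# The two flags named in the question; both are meant to be temporary.
DEBUG_FLAGS = (
    "weblogic.wsee.security.debug",
    "weblogic.wsee.security.verbose",
)

# Assumed comment prefixes: "rem" / "@rem" / "::" in .cmd, "#" in .sh scripts.
COMMENT_RE = re.compile(r"^\s*(@?rem\b|::|#)", re.IGNORECASE)

# Java system property names are case-sensitive, so the name is matched exactly.
FLAG_RE = re.compile(
    r"-D(" + "|".join(re.escape(f) for f in DEBUG_FLAGS) + r")=([A-Za-z]+)"
)


def find_enabled_debug_flags(script_text):
    """Return (line_number, flag_name) for each flag set to true on a live line."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if COMMENT_RE.match(line):
            continue  # commented-out line: the flag is not passed to the JVM
        for name, value in FLAG_RE.findall(line):
            # Assumption: any casing of "true" counts as enabled.
            if value.lower() == "true":
                findings.append((lineno, name))
    return findings


# Constructed sample resembling a setDomainEnv.cmd fragment (not from a real domain).
SAMPLE_CMD = """\
@REM set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.wsee.security.debug=true
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.wsee.security.debug=true -Dweblogic.wsee.security.verbose=true
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.wsee.security.verbose=false
"""

if __name__ == "__main__":
    for lineno, name in find_enabled_debug_flags(SAMPLE_CMD):
        print(f"line {lineno}: -D{name}=true is still enabled")
```

Run it over the contents of the start scripts on production hosts before sign-off; any finding means the verbose security logging the answer warns about is still active.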