While the information in this article is based on IBM WebSphere Application Server V8.5 and V8.0, most of the issues discussed here apply equally to V7.0, although in some cases there are changes to security defaults in WebSphere Application Server V8.0.
It is important that you realize there is no such thing as a perfectly secure system.
For the remainder of this article these will be called “full” profiles.
This distinction is made to contrast these profiles to a new addition in V8.5: the Liberty profile.
By improving the default settings, we continue to improve how we meet the critical security principle of secure by default.
An early version of this article focused on WebSphere Application Server V6 and the hardening steps required for that version.
Because significant differences exist between V6.1 and later versions that clutter the discussion, we felt it would be beneficial to users of the more recent versions to prune the V6.1 details from the content.