letter to the editor.
| IBM Secure WebExplorer v1.1 | - by Larry Dreher and Dan Knight |
ecure WebExplorer (SWE) is a separate web browsing product for OS/2 available through IBM or your favorite OS/2 retailer like Indelible Blue. It is essentially the free WebExplorer v1.03 with the addition of features that support secure transactions over the Internet. SWE supports the two most common security protocols on the Internet, Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (S-HTTP).
The version number 1.1 assigned to this product often leads to confusion when compared to the non-secure WebExplorer. As stated above, it is based on the code of WebExplorer 1.03 so all those annoying 1.03 bugs and shortcomings are present in this browser as well, in spite of the 1.1 version number. The 1.1a version of non-secure WebExplorer that is available on the 'net is based on newer code than SWE.
Installation is fairly straightforward. The user just inserts the disk or CD and types "install" from the command line. An install window is displayed allowing you to specify the install directory; the default is your existing TCPIP directory so it might be a good idea to back it up just in case.
Installation went smoothly on two stand-alone Warp "Blue Spine" machines. During the install on a Warp Connect networked machine the files normally found in the x:\TCPIP\etc directory (explore.ini, mailcap, extmap, tcpos2.ini, etc.) were copied into the x:\MPTN\etc directory instead.
The installation program creates an icon for Secure WebExplorer and Key Management in the "Internet Connection for OS/2" folder. All other icons are left untouched including any preexisting icons for Web Explorer you might have.
The first place to go once you get SWE running is https://www1.raleigh.ibm.com/tutorial/sslex.htm. This site allows you to play around in "Coffee Net" and test out the security features of the browser. You can also get there by selecting "WebExplorer Information" from the help pull down menu and following the links related to Secure Web Explorer.
The Smart Guide is easier to use and walks you through the necessary steps. However, it did encounter a problem when it attempted to e-mail the certificate request. If the Smart Guide fails in sending the e-mail, you can follow the instructions and manually e-mail the certificate request, though. Still, there are a few downsides to using the Smart Guide. The certificate is only valid for a period of one year and the certificate key is only 512 bytes long. The Key Manager software provided with the secure WebExplorer allows you to select the expiration date of the key (you can even set it to never expire) and choose a certificate key of up to 1024 bytes in length for additional security.
Once you've created and installed your personal key, you can use sites requiring the S-HTTP protocol. These are likely to be banking sites or those requiring greater security than simple SSL.
When using SWE on a Warp Connect test machine sitting behind a Netscape Secure Proxy Server, the results are not encouraging. Linking to the IBM Secure WebExplorer SSL Coffee Net produced the message: "Proxy denies fulfilling the request". The same message occurs at other secure sites. Several other users on-site are able to access the same pages with Netscape 1.2, 2.0 and other secure compliant browsers without any problems. A problem has been opened with IBM regarding this error (IBM PRB #6X,580246) but at this time it is still unresolved.
In testing stand-alone machines directly connected via the PPP dialer, the results are much better. Most simple sites that require SSL work well. Be warned though, there are some sites that look at the identifier of your browser and check for Netscape. If they don't see Netscape they assume your browser couldn't possibly support secure transactions and they won't allow you to proceed. If you find a site that doesn't work, you should contact the Web Administrator there to make sure the site isn't just checking for the Netscape ID.
Some problems like checking for browser name are easy for a web master to fix while others are more difficult. Attempting to access the secure user area at Security First Network Bank causes SWE to abend with a SYS3175. After working with the bank and IBM's tech support, it was determined that the site was incompatible because it uses a feature called "cookies" that isn't yet supported in SWE. IBM stated that they were aware of the requirement to support cookies but they had not yet committed to a date for implementation in WebExplorer. It should be noted that this is not only really related to security, but to any web site and can cause problems for any version of WebExplorer.
With all the different versions of WebExplorer running around, things are getting a little difficult to keep straight. Maybe it's too much to ask, but wouldn't it be nice if there was a base version of WebExplorer and extensions like Java or Security could be added simply by installing optional DLL's? As a final note, the authors would like to thank Jack Arnold from IBM WebExplorer support. Jack went the extra mile to help out with the problems that we encountered. Thanks Jack!
IBM Secure WebExplorer v1.1Dan Knight is a Project Manager in MGIC's Strategic Technologies department. Dan helped design the user interface to MGIC's first mission critical OS/2 application.
Our Sponsors: [Shenandoah] [Surf'nRexx] [BMT Micro] [ChipChat] [EmTec]
Contents | 
Previous Article | Next Article 
Copyright © 1996 - Falcon Networking