Abstract: The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key.

Abstract: A system and method to allow authorized popup windows on a website are provided. With the system and method, one or more identifiers of authorized popup window sources are associated with website content. When the website content is downloaded to a client device in response to a request, the one or more identifiers are also provided to the client device. A popup blocker application resident on the client device uses the one or more identifiers to generate a filter list of authorized popup window sources against which the source of popup windows may be compared when the popup window attempts to be loaded into the browser. If the source of the popup window that is attempting to be loaded is not present in the list of authorized sources of popup windows, then the loading and output of the popup window content is blocked.

Abstract: Provided is a method for providing Java modularity class loader protection by controlling the visibility of WebSphere, service provider, library and utility code interfaces. Interface access authorization is checked once, during module and class loading to effectively protect vulnerable programming interfaces, eliminating permission checking during execution. Code in a WebSphere Application server (WAS) computing environment is categorized into a finite number of sets in which one permission type is assigned to each set and the code in each set runs at the same privilege zone. Each set exposes programming interfaces to provide functional service and code in a particular set can only access code in the same or a lower security zone set. Also provided is a technique for explicitly providing to specific modules in lower security zones access to modules or designated interfaces of modules in higher security zones.

Abstract: A method, apparatus and computer instructions for tracking security attributes along invocation chain using secure propagation token. When a user is authenticated, a propagation token is created. The propagation token includes a caller list, a host list, and custom attributes. The propagation token may be propagated downstream along with other marker tokens. A service provider may associate custom attributes in the propagation token or create custom propagation token to be propagated. The propagation token tracks the original caller and subsequent callers when user switches occur and a list of hosts at which the propagation token lands on.