Oracle® Application Server Security Guide
10g Release 2 (10.1.2) B13999-03
This document presents basic Web security concepts and describes the Oracle Application Server security framework and how to use it. First, it provides a survey of security issues and requirements that arise when operating private business systems in the public Internet environment. Then it introduces the security features of Oracle Application Server and provides configuration information for setting up a secure middle tier.
The Oracle Application Server Security Guide is intended for security administrators, application developers, database administrators, system operators, and other Oracle users who perform the following tasks:
Configure middle-tier system security
Analyze application security requirements
Implement security technologies
Administer middle-tier system security
To use this document, you need to have general knowledge of Web server administration, Internet concepts, and networking concepts.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
For Oracle Application Server Application Administrators
This section lists common administration tasks and the manuals that describe them.
General administration tasks
Managing static content
Controlling user access to Web content using portals
Managing Oracle Application Server Web Cache
Writing and deploying secure OC4J applications
Oracle Application Server Containers for J2EE Security Guide
Managing Oracle Application Server Wireless for security mechanisms
Managing users, passwords, and privileges
Managing application, resource, and data source security using Oracle Reports
Oracle Application Server Reports Services Publishing Reports to the Web
Managing user access and internalization
Oracle Application Server Personalization Administrator's Guide
Configuring security for Oracle Application Server Workflow
Administering SSO
Oracle Application Server Single Sign-On Administrator's Guide
Managing certificate issues
Oracle Application Server Certificate Authority Administrator's Guide
For Oracle Identity Management Infrastructure Administrators
For all tasks pertaining to administering and deploying Oracle Identity Management, see the Oracle Identity Management Concepts and Deployment Planning Guide.
For Oracle Application Server Application Developers
This section lists common development tasks and the manuals that describe them.
Configuring SSO
Oracle Application Server Single Sign-On Administrator's Guide
Configuring Web Services
Using keys and certificates for SSL communication in OC4J
Oracle Application Server Containers for J2EE Servlet Developer's Guide
For Oracle Application Server Application Deployers
This section lists common deployment tasks and the manuals that describe them.
Configuring SSO
Oracle Application Server Single Sign-On Administrator's Guide
Configuring Forms with HTTP listener, OC4J, SSO, and OID
Configuring security mechanisms in Oracle Business Intelligence Discoverer
For further information on security issues that are not addressed here, see the Oracle Application Server Release Notes in the Oracle Application Server Platform-specific documentation.
For Oracle Application Server Application Users
This section lists common development tasks and the manuals that describe them.
Using Oracle Ultra Search
Using Oracle BPEL Process Analytics
Setting up the database and PL/SQL to avoid known security problems
Guide to Oracle Documentation
For more information, see these Oracle resources. Descriptions of documents have been added to some listings to guide you to where specific security information can be found. Where document titles are self-explanatory, no description is provided.
The Oracle Application Server Documentation Library contains the following documents:
Oracle Application Server Concepts
An overview of the application server features.
Oracle Identity Management Concepts and Deployment Planning Guide
An overview of the Identity Management features.
Oracle Internet Directory Administrator's Guide
Detailed description of Oracle Internet Directory, including Delegated Administration Service and Directory Integration Service, and how to use them.
Oracle Identity Management Application Developer's Guide
Detailed description of how to enable applications to access Oracle Internet Directory by using the C API and the PL/SQL API.
Oracle Application Server Single Sign-On Administrator's Guide
Detailed description of how to enable single sign-on for Oracle Application Server.
Oracle Application Server Containers for J2EE Services Guide
Discusses how to make effective use of the Oracle Application Server Containers for J2EE security features.
Oracle Application Server mod_plsql User's Guide
Detailed descriptions of how to configure and use the Oracle HTTP Server plug-in mod_plsql, which enables communication between the middle tier and an Oracle database.
Oracle Application Server Platform-Specific Documentation contains the following documents:
Oracle Application Server Installation Guide
Detailed description of what you must install to get the security functionality you require.
Oracle Application Server Release Notes
Oracle Application Server Upgrade and Compatibility Guide
Detailed description of what you must do if you are migrating from a previous version of Oracle Application Server, such as migrating digital certificates.
Oracle Application Server Best Practices
Detailed description of Oracle Application Server best practices, including security best practices.
Oracle Database Documentation Library contains the following documents:
Oracle Database Advanced Security Administrator's Guide
Detailed description of how to configure and use Oracle Advanced Security, the Oracle database option that provides encryption, integrity protection, and advanced authentication to Oracle database clients and servers.
Oracle Database Administrator's Guide
Description of the Oracle Database 10g feature proxy authentication, which allows Oracle Application Server to establish an authenticated session with the database.
Oracle Database Application Developer's Guide - Fundamentals
Detailed description of how to enable Oracle Application Server to use database proxy authentication.
The following text conventions are used in this document:
Convention | Meaning |
---|---|
boldface | Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
italic | Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
monospace | Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |