Skip Headers
Oracle® Enterprise Manager Policy Reference Manual
10g Release 2 (10.2)

Part Number B16231-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Feedback

Go to previous page
Previous
Go to next page
Next
View PDF

8 OC4J Policy

This chapter provides the following information for the Oracle Application Server Containers for J2EE (OC4J) policy:

8.1 OC4J Password Indirection

This policy verifies that password indirection is used in OC4J XML configuration and deployment files.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security OC4J Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x The underlying metric has a collection frequency of once every 24 hours. Yes Password indirection is not used in configuration file %FILE_NAME%.

Footnote 1 The policy rule is evaluated each time its underlying Password_Indirection metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Embedding these passwords into deployment and configuration files poses a security risk, especially if the permissions on the files allow them to be read by any user.

Action

To avoid this problem, OC4J provides password indirection and password obfuscation.