
Oracle9i Application Server Security Guide
Release 2 (9.0.2)

Part Number A90146-01


Index



A

access control, 1-12
directory, 2-14
Access Partner Applications window, 3-11
AccessConfig directive, 4-5
accidental, 1-3
administrator user for Oracle9iAS Web Cache, 8-2
allow directive, 4-4
anonymous user logins
to J2SE JAAS provider applications, 7-14
Apache HTTP Server, 2-28
application metadata, defined, 2-14
application security
requirements, 1-16
secure application role, 9-4
attributes
default-realm, 7-17, 7-18
location, 7-13, 7-15, 7-17, 7-18
persistence, 7-15, 7-18
provider, 7-13, 7-15, 7-17, 7-18
auditing
in multitier systems, 9-3
multitier applications, 9-3
security events in Oracle9iAS Portal, 2-37
AUTHENTICATED_USERS, 6-19
AUTHENTICATED_USERS group, 6-31
authentication, 1-17
basic authentication in Oracle9iAS, 9-9
described, 1-24
middle tier, 1-30
password-based, 1-19
PKI certificate-based, 1-19
proxy, 1-30, 9-2
authentication methods, 7-21
precedence, 7-21
authorization, 1-12, 1-24
(SSA), 1-24
(SSC), 1-24
Oracle 9iAS mediation, 1-12
AuthUserFile directive, 4-10
availability
security factors, 1-14

B

Baltimore CyberTrust certificates, 2-32
BASIC, 7-22
basic authentication, 7-20, 7-22
BrowserMatch directive, 4-8
browsers supported by mod_ossl, 4-23

C

central directory
security, 1-16
storing credentials, 1-22
certificate authorities
Baltimore CyberTrust, 2-6
introduction, 1-20
RSA certificates, 2-6
VeriSign, 2-6
certificates
contents, 1-20
introduction, 1-20
root, 1-21
trusted, 1-21
checksums
algorithms, 1-26
client certificate authentication, 7-24
configuration
LoginModule, 7-10
sample configuration files, 7-3
configuring
JAAS provider, 7-2
wallets, 8-6
connection
multitier, 9-5
cookie, 2-21
credentials
secure storage, 1-22
wallets, 1-18
custom authentication, 9-9
custom owa, 9-9

D

dads.conf file, 3-4, 6-35
section for Oracle9iAS Single Sign-On, 3-9
data
deep data protection, 1-15
Data Encryption Standard (DES), 1-26
DBA group, 6-19, 6-31
decryption, 1-18
default password policy, 2-9
default user account lockout, 2-9
default user password expiration, 2-9
default user password length, 2-9
default user password, using numbers in, 2-9
default-realm attribute, 7-17, 7-18
Delegated Administration Service, 2-11, 2-18
denial of service attack, 1-14
deny directive, 4-4
deployment descriptor files, 7-3
description element, 7-27
directory containers
Groups, 2-15
Products, 2-15
Directory Synchronized Provisioning agent, 6-15
DIT (directory information tree), 2-15
doasprivileged-mode, 7-20, 7-21

E

Edit SSO Server page, 3-11
Edit SSO Server window, 3-13
encryption, 1-18
algorithms, 1-25
for network transmission, 1-25
external applications, 2-20

F

fault containment, 1-15
firewalls, 1-32
FORM, 7-22

G

generateldif.sh script
loading JAAS provider demo data into OiD, 7-7
global owa, 9-9
group ID for Oracle9iAS Web Cache administration, 8-4
groupOfUniqueNames attributes, 6-14
groupOfUniqueNames object class, 6-13

H

hosting
Oracle 9iAS economies, 1-9
htaccess, 4-6
htaccess file, 2-30
HTTP, 2-29
HTTP basic authentication, 9-8
httpd.conf file, 2-30, 4-2, 4-10, 4-11, 4-15, 7-23
location, 4-3
SSL Virtual Host context, 3-7
HTTPS, 2-29
HTTPS protocol support for Oracle9iAS Web Cache, 8-5
specifying the listening port, 8-9

I

iasobf tool, 7-24
iasobf tool, how to use, 4-32
IETF (RFC 2798), 6-9, 6-13
inappropriate, 1-3
inetOrgPerson object class, 6-9
installation type, 7-5
Oracle9i Application Server, 2-7, 7-5
Oracle9iAS Infrastructure, 2-7, 7-5, 7-7
integrity
checking, 1-26
Internet
hosted system security, 1-8
scalability of security, 1-15
intrusion
to create attacks, 1-14
invalidator user for Oracle9iAS Web Cache, 8-2

J

J2EE Environments, 7-16
J2SE Environments, 7-13
JAAS
core java security, 1-31
enterprise JavaBeans, 2-40
JSPs, 2-40
LoginModules, 2-38
role-based access control, 2-39
RunAsClient, 2-40
RunAsID, 2-40
servlets, 2-40
with Oracle Internet Directory capabilities, 2-39
JAAS provider
common configuration tasks
configuring a Java2 Policy File, 7-9
configuring RealmLoginModule login, 7-10
ensuring installation of correct components, 7-5
loading the JAZN schema, 7-6
configuration overview, 7-2
J2EE configuration tasks, 7-16
configuring an authentication method, 7-20
configuring applications for SSL environments, 7-23
configuring applications for SSO environments, 7-23
configuring mod_oc4j to delegate HTTP requests to OC4J, 7-25
configuring role-name, 7-25
configuring run-as element, 7-25
configuring security role, 7-25
J2SE configuration tasks
configuring a JAAS provider property file, 7-13
policy provider, 7-7
provider types, 7-5
specifying JAAS provider as policy provider, 7-7
using with Oracle HTTP Server, 7-5
using with Oracle Internet Directory, 7-5
using with Oracle9iAS Containers for J2EE, 7-5
using with XML files, 7-5
jaas.config file, 7-10
creating for JAAS provider, 7-10
Java
class execution, 9-6
security implementation, 9-6
Java Database Connectivity (JDBC)
encryption, 9-15
JDBC-OCI driver, 9-2, 9-14
network security, 9-13
supported drivers, 9-14
Thin driver, 9-14, 9-15
Java Secure Socket Extension (JSSE), 9-16
Java virtual machine (JVM), 9-6
Java2 policy file
configuring for JAAS provider, 7-9
java2.policy file, 7-3
configuring for JAAS provider, 7-9
java.lang.SecurityManager, 9-6
jazn.com, 7-27
jazn-data.xml, 7-3, 7-18, 7-26
jazn.props file
configuring in J2SE environments, 7-13
JAZNUserManager, 7-16, 7-20
enabling, 7-16
JAZNUserManager filter element, 7-20
jazn-web-app, 7-20, 7-21
jazn.xml, 7-3, 7-13, 7-18
JDBC, fat-client, 2-27, 2-31
JDK 1.3, 7-5
JVM, 7-7

L

LDAP
Oracle Internet Directory, 2-6
server instance architecture, 2-13
LDAP compliance, 2-12
ldap.password property name, 7-17
ldap.user property name, 7-14, 7-17
.ldif files, 7-7
location attribute, 7-13, 7-15, 7-17, 7-18
login-config element, 7-22
LoginModule configuration, 7-10
LoginModules, 2-38

M

malicious, 1-3
MD4 hashing scheme, 2-14
MD5 Checksum, 1-27, 2-14
mod_oc4j, 7-5, 7-25
mod_oc4j.conf, 7-23
mod_ossl, 2-30, 2-31, 7-5
optional_no_ca, not supported, 4-25
types of browsers supported, 4-23
mod_osso, 2-20, 7-5
mod_osso.conf, 3-12
mod_osso.conf file, 3-13
mod_plsql, 2-27, 2-31
mod_setenvif, 4-5
mod_ssl directives not supported, 4-13
mods, defined, 2-28
multitier systems
auditing, 9-3
proxy authentication, 9-3

N

Netegrity Site Minder, 2-20
network security
encryption, 1-25
firewalls, 1-32
Java Database Connectivity (JDBC), 9-13
multitier connection management, 9-5
Secure Sockets Layer, 1-21

O

obfuscated password, 7-14, 7-17
OC4J group, 7-27
OpenSSL, 2-31
optional_no_ca, not supported, 4-25
Oracle Advanced Security, 2-3, 2-27, 2-31
Oracle Call Interface (OCI)
JDBC-OCI driver, 9-14
Oracle Connection Manager, 9-5
Oracle Context, 2-15
starter, 2-15
Oracle Enterprise Security Manager, 1-29
Oracle HTTP Server
AccessConfig directive, 4-5
allow directive, 4-4
AuthUserFile directive, 4-10
BrowserMatch directive, 4-8
deny directive, 4-4
global directives, 4-14
.htaccess disabled, 4-6
.htaccess file disabled, 2-30
httpd.conf file, 2-30, 4-2, 4-10, 4-11, 4-15
iasobf tool, 4-32
mod_ossl, 2-31
mod_setenvif, 4-5
optional_no_ca, not supported, 4-25
order directive, 4-4
osslpassword tool, 4-32
per-directory directives, 4-14
per-server directives, 4-14
Privacy Enhanced Mail (PEM), 4-27
require directive, 4-11
SetEnvIf directive, 4-8
URL request handling steps, 4-2
used with Oracle Wallet Manager, 2-30
WWW-Authenticate header, 4-10
Oracle Internet Directory, 2-6
administration, delegation of, 2-14
architecture, 2-17
LDAP compliance, 2-12
LDAP server instance architecture, 2-13
MD4 hashing scheme, 2-14
MD5 Checksum, 2-14
Secure Hash Algorithm (SHA), 2-14
Secure Sockets Layer (SSL), 2-14
security benefits, 2-14
security features, 2-12
Oracle Internet Directory cache, 6-15
Oracle Java SSL, 9-16
Oracle Management Server, 2-3, 2-7
Oracle Net, 2-27
Oracle Password Protocol, 9-16
Oracle Technology Network URL reference, xx, 2-9, 2-13, 2-16
Oracle Wallet Manager, 1-22, 2-6, 2-32, 9-16
used with Oracle HTTP Server, 2-30
Oracle wallets, 2-6
created with Auto Login feature, 4-15
Oracle Web Cache Manager
Security page, 8-2
security settings, 8-2
Oracle9i Single Sign-On
dads.conf file, 3-4
Oracle9iAS Infrastructure, 2-5, 2-7, 2-10
Oracle9iAS Metadata Repository, 2-3, 2-5, 2-7
Oracle9iAS Portal
AUTHENTICATED_USERS, 6-19
AUTHENTICATED_USERS group, 6-31
dads.conf file, 6-35
DBA group, 6-19, 6-31
directory synchronized events, 6-18
Directory Synchronized Provisioning agent, 6-15
directory synchronized provisioning, about, 6-16
GROUP DELETE event, 6-18
GROUP MODIFY event, 6-18
groupOfUniqueNames attributes, 6-14
groupOfUniqueNames object class, 6-13
how to create a single domain, 6-16
inetOrgPerson object class, 6-9
logging, 2-37
mapping of Oracle9iAS Portal group properties to Oracle Internet Directory, 6-15
mapping of Oracle9iAS Portal user properties to Oracle Internet Directory, 6-12
Oracle Internet Directory cache, 6-15
OracleDASCreateGroup group, 6-19
OracleDASCreateUser group, 6-19
orclGroup attributes, 6-14
orclGroup object class, 6-13
orclUser object class, 6-9
orclUserV2 object class, 6-9
PlsqlExclusionList directive, 6-35
PORTAL schema, 6-29
PORTAL user, 6-19, 6-30
PORTAL_ADMIN user, 6-19, 6-31
PORTAL_ADMINISTRATORS group, 6-19, 6-31
PORTAL_DEMO schema, 6-30
PORTAL_DEVELOPERS group, 6-31
PORTAL_PUBLIC schema, 6-30
PORTLET_PUBLISHERS group, 6-31
ptlasst.bat, 6-6
ptlasst.csh, 6-6
PUBLIC user, 6-30
RW_ADMINISTRATOR group, 6-31
RW_BASIC_USER group, 6-32
RW_DEVELOPER group, 6-31
RW_POWER_USER group, 6-32
secupoid.sql script, 6-37, 6-38
upsecoid.sql script, 6-39
user and group lists of values, 6-16
USER DELETE event, 6-18
USER MODIFY event, 6-18
WWMON_CHART_BY_ACTION.show, 6-35
WWMON_CHART_BY_BROWSER.show, 6-35
WWMON_CHART_BY_DATE.show, 6-35
WWMON_CHART_BY_IPADDRESS.show, 6-35
WWMON_CHART_BY_LANGUAGE.show, 6-35
WWMON_CHART_BY_OBJECT.show, 6-36
WWMON_CHART_BY_ROWS.show, 6-36
WWMON_CHART_BY_TIME.show, 6-36
WWMON_CHART_BY_USER.show, 6-36
WWMON_CHART_SEARCHES.show, 6-36
WWSEC_FLAT$ table, 6-18
Oracle9iAS Portal application entity, 6-8
Oracle9iAS Portal default user accounts, 6-7
Oracle9iAS Portal directory synchronization subscription, 6-8
Oracle9iAS Portal group container, 6-7
Oracle9iAS Portal groups, 6-8
Oracle9iAS Portal objects with privilege control, 6-24
Oracle9iAS PortalOracleDASCreateGroup group, 6-19
Oracle9iAS Single Sign-On
Access Partner Applications window, 3-11
default SSL port, 3-10
Edit SSO Server page, 3-11
home page, 3-11
Software Development Kit (SDK), 3-2
ssocfg.sh script, 3-4
Oracle9iAS Web Cache
security settings, 8-2
trusted subnet, 8-3
Oracle9iAS Web Cache Manager
cache-specific configuration
wallet configuration, 8-9
OracleContextDN, 7-7
OracleDASCreateGroup group, 6-19
OracleDASCreateUser group, 6-19
OracleHOME_NAMEWebCache service, 8-6, 8-7
OracleHOME_NAMEWebCacheAdmin service, 8-7
OracleHOME_NAMEWebCacheMon service, 8-7
orclcommonusersearchbase, 2-9
orclGroup attributes, 6-14
orclGroup object class, 6-13
orclUser object class, 6-9
orclUserV2 object class, 6-9
order directive, 4-4
orion-application.xml, 7-3, 7-16, 7-18, 7-19, 7-20, 7-21, 7-27
mapping roles, 7-27
orion-web.xml, 7-3, 7-20, 7-21
osslpassword tool, how to use, 4-32
OssoIPCheck directive, 3-13

P

partner application
cookies, 2-22
Oracle9iAS Portal as, 2-36
partner applications, 2-20
password, 7-14, 7-24
clear, 7-24
encrypted, 7-24
server wallet, 7-24
password policy, 2-9
passwords
authentication, 1-19
protection in directory, 2-14
security risks, 1-11
per package authentication, 9-9
persistence attribute, 7-15, 7-18
PKCS#10 certificates, 2-6, 2-32
PlsqlCGIEnvironmentList parameter, 3-8
PlsqlExclusionList directive, 6-35
PORTAL schema, 6-29
PORTAL user, 6-19, 6-30
PORTAL_ADMIN user, 6-19, 6-31
PORTAL_ADMINISTRATORS group, 6-19, 6-31
PORTAL_DEMO schema, 6-30
PORTAL_DEVELOPERS group, 6-31
PORTAL_PUBLIC schema, 6-30
PORTLET_PUBLISHERS group, 6-31
postinstall.sh
upgrading Oracle Internet Directory, 7-7
precedence
authentication methods, 7-21
Privacy Enhanced Mail (PEM), 4-27
private key, 1-19, 1-20
property names
ldap.password, 7-17
ldap.user, 7-14, 7-17
xml.permclsmgr.enable, 7-19
xml.princlsmgr.enable, 7-19
provider attribute, 7-13, 7-15, 7-17, 7-18
provider types
with JAAS provider, 7-5
proxy authentication, 1-30, 2-31, 9-2
directory, 9-3
ptlasst.bat, 6-6
ptlasst.csh, 6-6
PUBLIC
protecting the PL/SQL procedures, 9-11
Public Key Certificate Standard #12 (PKCS#12), 1-22
public key infrastructure (PKI)
certificate-based authentication, 1-19
cryptography, 1-18
introduction, 1-17
PUBLIC user, 6-30

R

RC4 encryption algorithm, 1-26
RealmLoginModule class
configuring for JAAS provider in non-SSO authentication environments, 7-4
configuring for JAAS provider in SSL and Basic authentication environments, 7-10
RealmPrincipal class, 7-27
require directive, 4-11
role-name element, 7-27
roles
mapping in the orion-application.xml file, 7-27
secure application, 9-4
secure application role, 9-4
root certificate, 1-21
RSA certificates, 2-32
RSA Data Security RC4, 1-26
run-as element, 7-25
RunAsClient, 2-40
RunAsID, 2-40
runas-mode, 7-20, 7-21
RW_ADMINISTRATOR group, 6-31
RW_BASIC_USER group, 6-32
RW_DEVELOPER group, 6-31
RW_POWER_USER group, 6-32

S

scalability
security, 1-16
secupoid.sql script, 6-37, 6-38
secupoid.sql script, running it, 6-37
secure application roles, 9-4
Secure Hash Algorithm (SHA), 1-27, 2-14
Secure Sockets Layer (SSL)
advantages in multitier, 1-21
network security, 1-21
Oracle Internet Directory, 2-14
versions supported with mod_ossl, 4-13
security
access control, 1-12
authentication, 1-17, 9-8
authorization, 1-12
availability, 1-14
central directory, 1-16
certificates, 1-20, 1-21
credentials, storage, 1-22
deep data protection, 1-15
denial of service attack, 1-14
fault containment, 1-15
firewalls, 1-32
hosting and data exchanges, 1-8
Internet, 1-15
Java implementation, 9-6
multitier systems, 1-16
Oracle Internet Directory, 2-12
password threats, 1-11
password vulnerabilities, 1-11
PKI, 1-17
PL/SQL procedures granted to PUBLIC, 9-11
private key, 1-20
requirements, 1-16
root certificate, 1-21
scalability, 1-16
scope of issues, 1-6
secure application role, 9-4
tradeoffs, 1-9
user management, 1-15, 1-16
virtual private database (VPD), 9-5
security role, 7-25
security settings for Oracle9iAS Web Cache, 8-2
SecurityManager class, 9-6
server wallet, 7-23
server wallet directory, 7-23
ServerName directive, 3-6
servlet, 7-25
Set SSL to on, 7-23
SetEnvIf directive, 4-8
single sign-on
external applications, 2-20
mod_osso, 2-20
Netegrity Site Minder, 2-20
single sign-on (SSO), 1-22, 7-20
cookie, 2-21
initial authentication, 2-21
integration with LDAP, 2-26
Java applications with, 2-38
partner application authentication process, 2-22
partner application cookies, 2-22
partner applications, 2-20
PKI support, 2-26
SSL encryption of cookies, 2-22
support for legacy and third-party applications, 2-19
Single Sign-On home page, 3-11
single source of control (SSC), 1-24
single station administration (SSA), 1-24
sr_manager
security role, 7-25
SSA (single station administration), 1-24
SSC (single source of control), 1-24
SSL, 1-29
SSL authentication
enable, 7-23
SSL Virtual Host context, 3-7
SSL_CLIENT_CERT environment variable, 3-8
SSL_CLIENT_S_DN environment variable, 3-8
SSL-enabled applications, 7-5
SSLEngine directive, 3-6
SSLVerifyClient directive, 3-6
SSLWallet directive, 3-6
SSO cookies, 2-11
SSO See single sign-on (SSO)
SSO_TIMEOUT_ID cookie, 3-12
ssocfg.sh script, 3-4, 3-10
ssodnmap.pks package, 3-9
SSO-enabled applications, 7-5
ssogito.sql script, 3-12
storage
secure credentials, 1-22
subscriber's user searchbase, 2-9

T

Triple DES (3DES), 1-26
trusted subnet for Oracle9iAS Web Cache administration, 8-3

U

unauthorized, 1-3
upsecoid.sql script, 6-39
user ID for Oracle9iAS Web Cache administration, 8-4
user management, 1-15, 1-16
users
authorization of, 1-24

V

VeriSign, 2-32
virtual private database (VPD)
introduction, 9-5

W

wallets, 2-6
changing a password, 5-15
closing, 5-13
configuring
Oracle9iAS Web Cache, 8-9
considerations for Windows NT and 2000, 8-7
creating, 5-11
credential storage, 1-22
credentials, 1-18
deleting, 5-14
managing, 5-11
managing certificates, 5-17
managing trusted certificates, 5-21
opening, 5-13
saving, 5-13
web.xml, 7-3, 7-21, 7-22, 7-25
WWMON_CHART_BY_ACTION.show package, 6-35
WWMON_CHART_BY_BROWSER.show, 6-35
WWMON_CHART_BY_DATE.show, 6-35
WWMON_CHART_BY_IPADDRESS.show, 6-35
WWMON_CHART_BY_LANGUAGE.show, 6-35
WWMON_CHART_BY_OBJECT.show, 6-36
WWMON_CHART_BY_ROWS.show, 6-36
WWMON_CHART_BY_TIME.show, 6-36
WWMON_CHART_BY_USER.show, 6-36
WWMON_CHART_SEARCHES.show, 6-36
WWW-Authenticate header, 4-10

X

X.509 Version 3 certificates, 2-6, 9-2
with Oracle HTTP Server, 2-29
xml.permclsmgr.enable property name, 7-19
xml.princlsmgr.enable property name, 7-19

Copyright © 2002 Oracle Corporation.

All Rights Reserved.