Index
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
R
S
T
U
V
W
X
A
- access control, 1-12
- directory, 2-14
- Access Partner Applications window, 3-11
- AccessConfig directive, 4-5
- accidental, 1-3
- administrator user for Oracle9iAS Web Cache, 8-2
- allow directive, 4-4
- anonymous user logins
- to J2SE JAAS provider applications, 7-14
- Apache HTTP Server, 2-28
- application metadata, defined, 2-14
- application security
- requirements, 1-16
- secure application role, 9-4
- attributes
- default-realm, 7-17, 7-18
- location, 7-13, 7-15, 7-17, 7-18
- persistence, 7-15, 7-18
- provider, 7-13, 7-15, 7-17, 7-18
- auditing
- in multitier systems, 9-3
- multitier applications, 9-3
- security events in Oracle9iAS Portal, 2-37
- AUTHENTICATED_USERS, 6-19
- AUTHENTICATED_USERS group, 6-31
- authentication, 1-17
- basic authentication in Oracle9iAS, 9-9
- described, 1-24
- middle tier, 1-30
- password-based, 1-19
- PKI certificate-based, 1-19
- proxy, 1-30, 9-2
- authentication methods, 7-21
- precedence, 7-21
- authorization, 1-12, 1-24
- (SSA), 1-24
- (SSC), 1-24
- Oracle 9iAS mediation, 1-12
- AuthUserFile directive, 4-10
- availability
- security factors, 1-14
B
- Baltimore CyberTrust certificates, 2-32
- BASIC, 7-22
- basic authentication, 7-20, 7-22
- BrowserMatch directive, 4-8
- browsers supported by mod_ossl, 4-23
C
- central directory
- security, 1-16
- storing credentials, 1-22
- certificate authorities
- Baltimore CyberTrust, 2-6
- introduction, 1-20
- RSA certificates, 2-6
- VeriSign, 2-6
- certificates
- contents, 1-20
- introduction, 1-20
- root, 1-21
- trusted, 1-21
- checksums
- algorithms, 1-26
- client certificate authentication, 7-24
- configuration
- LoginModule, 7-10
- sample configuration files, 7-3
- configuring
- JAAS provider, 7-2
- wallets, 8-6
- connection
- multitier, 9-5
- cookie, 2-21
- credentials
- secure storage, 1-22
- wallets, 1-18
- custom authentication, 9-9
- custom owa, 9-9
D
- dads.conf file, 3-4, 6-35
- section for Oracle9iAS Single Sign-On, 3-9
- data
- deep data protection, 1-15
- Data Encryption Standard (DES), 1-26
- DBA group, 6-19, 6-31
- decryption, 1-18
- default password policy, 2-9
- default user account lockout, 2-9
- default user password expiration, 2-9
- default user password length, 2-9
- default user password, using numbers in, 2-9
- default-realm attribute, 7-17, 7-18
- Delegated Administration Service, 2-11, 2-18
- denial of service attack, 1-14
- deny directive, 4-4
- deployment descriptor files, 7-3
- description element, 7-27
- directory containers
- Groups, 2-15
- Products, 2-15
- Directory Synchronized Provisioning agent, 6-15
- DIT (directory information tree), 2-15
- doasprivileged-mode, 7-20, 7-21
E
- Edit SSO Server page, 3-11
- Edit SSO Server window, 3-13
- encryption, 1-18
- algorithms, 1-25
- for network transmission, 1-25
- external applications, 2-20
F
- fault containment, 1-15
- firewalls, 1-32
- FORM, 7-22
G
- generateldif.sh script
- loading JAAS provider demo data into OiD, 7-7
- global owa, 9-9
- group ID for Oracle9iAS Web Cache administration, 8-4
- groupOfUniqueNames attributes, 6-14
- groupOfUniqueNames object class, 6-13
H
- hosting
- Oracle 9iAS economies, 1-9
- htaccess, 4-6
- htaccess file, 2-30
- HTTP, 2-29
- HTTP basic authentication, 9-8
- httpd.conf file, 2-30, 4-2, 4-10, 4-11, 4-15, 7-23
- location, 4-3
- SSL Virtual Host context, 3-7
- HTTPS, 2-29
- HTTPS protocol support for Oracle9iAS Web Cache, 8-5
- specifying the listening port, 8-9
I
- iasobf tool, 7-24
- iasobf tool, how to use, 4-32
- IETF(RFC 2798), 6-9, 6-13
- inappropriate, 1-3
- inetOrgPerson object class, 6-9
- installation type, 7-5
- Oracle9i Application Server, 2-7, 7-5
- Oracle9iAS Infrastructure, 2-7, 7-5, 7-7
- integrity
- checking, 1-26
- Internet
- hosted system security, 1-8
- scalability of security, 1-15
- intrusion
- to create attacks, 1-14
- invalidator user for Oracle9iAS Web Cache, 8-2
J
- J2EE Environments, 7-16
- J2SE Environments, 7-13
- JAAS
- core java security, 1-31
- enterprise JavaBeans, 2-40
- JSPs, 2-40
- LoginModules, 2-38
- role-based access control, 2-39
- RunAsClient, 2-40
- RunAsID, 2-40
- servlets, 2-40
- with Oracle Internet Directory capabilities, 2-39
- JAAS provider
- common configuration tasks
- configuring a Java2 Policy File, 7-9
- configuring RealmLoginModule login, 7-10
- ensuring installation of correct components, 7-5
- loading the JAZN schema, 7-6
- configuration overview, 7-2
- J2EE configuration tasks, 7-16
- configuring an authentication method, 7-20
- configuring applications for SSL environments, 7-23
- configuring applications for SSO environments, 7-23
- configuring mod_oc4j to delegate HTTP requests to OC4J, 7-25
- configuring role-name, 7-25
- configuring run-as element, 7-25
- configuring security role, 7-25
- J2SE configuration tasks
- configuring a JAAS provider property file, 7-13
- policy provider, 7-7
- provider types, 7-5
- specifying JAAS provider as policy provider, 7-7
- using with Oracle HTTP Server, 7-5
- using with Oracle Internet Directory, 7-5
- using with Oracle9iAS Containers for J2EE, 7-5
- using with XML files, 7-5
- jaas.config file, 7-10
- creating for JAAS provider, 7-10
- Java
- class execution, 9-6
- security implementation, 9-6
- Java Database Connectivity (JDBC)
- encryption, 9-15
- JDBC-OCI driver, 9-2, 9-14
- network security, 9-13
- supported drivers, 9-14
- Thin driver, 9-14, 9-15
- Java Secure Socket Extension (JSSE), 9-16
- Java virtual machine (JVM), 9-6
- Java2 policy file
- configuring for JAAS provider, 7-9
- java2.policy file, 7-3
- configuring for JAAS provider, 7-9
- java.lang.SecurityManager, 9-6
- jazn.com, 7-27
- jazn-data.xml, 7-3, 7-18, 7-26
- jazn.props file
- configuring in J2SE environments, 7-13
- JAZNUserManager, 7-16, 7-20
- enabling, 7-16
- JAZNUserManager filter element, 7-20
- jazn-web-app, 7-20, 7-21
- jazn.xml, 7-3, 7-13, 7-18
- JDBC, fat-client, 2-27, 2-31
- JDK 1.3, 7-5
- JVM, 7-7
L
- LDAP
- Oracle Internet Directory, 2-6
- server instance architecture, 2-13
- LDAP compliance, 2-12
- ldap.password property name, 7-17
- ldap.user property name, 7-14, 7-17
- .ldif files, 7-7
- location attribute, 7-13, 7-15, 7-17, 7-18
- login-config element, 7-22
- LoginModule configuration, 7-10
- LoginModules, 2-38
M
- malicious, 1-3
- MD4 hashing scheme, 2-14
- MD5 Checksum, 1-27, 2-14
- mod_oc4j, 7-5, 7-25
- mod_oc4j.conf, 7-23
- mod_ossl, 2-30, 2-31, 7-5
- optional_no_ca, not supported, 4-25
- types of browsers supported, 4-23
- mod_osso, 2-20, 7-5
- mod_osso.conf, 3-12
- mod_osso.conf file, 3-13
- mod_plsql, 2-27, 2-31
- mod_setenvif, 4-5
- mod_ssl directives not supported, 4-13
- mods, defined, 2-28
- multitier systems
- auditing, 9-3
- proxy authentication, 9-3
N
- Netegrity Site Minder, 2-20
- network security
- encryption, 1-25
- firewalls, 1-32
- Java Database Connectivity (JDBC), 9-13
- multitier connection management, 9-5
- Secure Sockets Layer, 1-21
O
- obfuscated password, 7-14, 7-17
- OC4J group, 7-27
- OpenSSL, 2-31
- optional_no_ca, not supported, 4-25
- Oracle Advanced Security, 2-3, 2-27, 2-31
- Oracle Call Interface (OCI)
- JDBC-OCI driver, 9-14
- Oracle Connection Manager, 9-5
- Oracle Context, 2-15
- starter, 2-15
- Oracle Enterprise Security Manager, 1-29
- Oracle HTTP Server
- AccessConfig directive, 4-5
- allow directive, 4-4
- AuthUserFile directive, 4-10
- BrowserMatch directive, 4-8
- deny directive, 4-4
- global directives, 4-14
- .htaccess disabled, 4-6
- .htaccess file disabled, 2-30
- httpd.conf file, 2-30, 4-2, 4-10, 4-11, 4-15
- iasobf tool, 4-32
- mod_ossl, 2-31
- mod_setenvif, 4-5
- optional_no_ca, not supported, 4-25
- order directive, 4-4
- osslpassword tool, 4-32
- per-directory directives, 4-14
- per-server directives, 4-14
- Privacy Enhanced Mail (PEM), 4-27
- require directive, 4-11
- SetEnvIf directive, 4-8
- URL request handling steps, 4-2
- used with Oracle Wallet Manager, 2-30
- WWW-Authenticate header, 4-10
- Oracle Internet Directory, 2-6
- administration, delegation of, 2-14
- architecture, 2-17
- LDAP compliance, 2-12
- LDAP server instance architecture, 2-13
- MD4 hashing scheme, 2-14
- MD5 Checksum, 2-14
- Secure Hash Algorithm (SHA), 2-14
- Secure Sockets Layer (SSL), 2-14
- security benefits, 2-14
- security features, 2-12
- Oracle Internet Directory cache, 6-15
- Oracle Java SSL, 9-16
- Oracle Management Server, 2-3, 2-7
- Oracle Net, 2-27
- Oracle Password Protocol, 9-16
- Oracle Technology Network URL reference, xx, 2-9, 2-13, 2-16
- Oracle Wallet Manager, 1-22, 2-6, 2-32, 9-16
- used with Oracle HTTP Server, 2-30
- Oracle wallets, 2-6
- created with Auto Login feature, 4-15
- Oracle Web Cache Manager
- Security page, 8-2
- security settings, 8-2
- Oracle9i Single Sign-On
- dads.conf file, 3-4
- Oracle9iAS Infrastructure, 2-5, 2-7, 2-10
- Oracle9iAS Metadata Repository, 2-3, 2-5, 2-7
- Oracle9iAS Portal
- AUTHENTICATED_USERS, 6-19
- AUTHENTICATED_USERS group, 6-31
- dads.conf file, 6-35
- DBA group, 6-19, 6-31
- directory synchronized events, 6-18
- Directory Synchronized Provisioning agent, 6-15
- directory synchronized provisioning, about, 6-16
- GROUP DELETE event, 6-18
- GROUP MODIFY event, 6-18
- groupOfUniqueNames attributes, 6-14
- groupOfUniqueNames object class, 6-13
- how to create a single domain, 6-16
- inetOrgPerson object class, 6-9
- logging, 2-37
- mapping of Oracle9iAS Portal group properties to Oracle Internet Directory, 6-15
- mapping of Oracle9iAS Portal user properties to Oracle Internet Directory, 6-12
- Oracle Internet Directory cache, 6-15
- OracleDASCreateGroup group, 6-19
- OracleDASCreateUser group, 6-19
- orclGroup attributes, 6-14
- orclGroup object class, 6-13
- orclUser object class, 6-9
- orclUserV2 object class, 6-9
- PlsqlExclusionList directive, 6-35
- PORTAL schema, 6-29
- PORTAL user, 6-19, 6-30
- PORTAL_ADMIN user, 6-19, 6-31
- PORTAL_ADMINISTRATORS group, 6-19, 6-31
- PORTAL_DEMO schema, 6-30
- PORTAL_DEVELOPERS group, 6-31
- PORTAL_PUBLIC schema, 6-30
- PORTLET_PUBLISHERS group, 6-31
- ptlasst.bat, 6-6
- ptlasst.csh, 6-6
- PUBLIC user, 6-30
- RW_ADMINISTRATOR group, 6-31
- RW_BASIC_USER group, 6-32
- RW_DEVELOPER group, 6-31
- RW_POWER_USER group, 6-32
- secupoid.sql script, 6-37, 6-38
- upsecoid.sql script, 6-39
- user and group lists of values, 6-16
- USER DELETE event, 6-18
- USER MODIFY event, 6-18
- WWMON_CHART_BY_ACTION.show, 6-35
- WWMON_CHART_BY_BROWSER.show, 6-35
- WWMON_CHART_BY_DATE.show, 6-35
- WWMON_CHART_BY_IPADDRESS.show, 6-35
- WWMON_CHART_BY_LANGUAGE.show, 6-35
- WWMON_CHART_BY_OBJECT.show, 6-36
- WWMON_CHART_BY_ROWS.show, 6-36
- WWMON_CHART_BY_TIME.show, 6-36
- WWMON_CHART_BY_USER.show, 6-36
- WWMON_CHART_SEARCHES.show, 6-36
- WWSEC_FLAT$ table, 6-18
- Oracle9iAS Portal application entity, 6-8
- Oracle9iAS Portal default user accounts, 6-7
- Oracle9iAS Portal directory synchronization subscription, 6-8
- Oracle9iAS Portal group container, 6-7
- Oracle9iAS Portal groups, 6-8
- Oracle9iAS Portal objects with privilege control, 6-24
- Oracle9iAS PortalOracleDASCreateGroup group, 6-19
- Oracle9iAS Single Sign-On
- Access Partner Applications window, 3-11
- default SSL port, 3-10
- Edit SSO Server page, 3-11
- home page, 3-11
- Software Development Kit (SDK), 3-2
- ssocfg.sh script, 3-4
- Oracle9iAS Web Cache
- security settings, 8-2
- trusted subnet, 8-3
- Oracle9iAS Web Cache Manager
- cache-specific configuration
- wallet configuration, 8-9
- OracleContextDN, 7-7
- OracleDASCreateGroup group, 6-19
- OracleDASCreateUser group, 6-19
- OracleHOME_NAMEWebCache service, 8-6, 8-7
- OracleHOME_NAMEWebCacheAdmin service, 8-7
- OracleHOME_NAMEWebCacheMon service, 8-7
- orclcommonusersearchbase, 2-9
- orclGroup attributes, 6-14
- orclGroup object class, 6-13
- orclUser object class, 6-9
- orclUserV2 object class, 6-9
- order directive, 4-4
- orion-application.xml, 7-3, 7-16, 7-18, 7-19, 7-20, 7-21, 7-27
- mapping roles, 7-27
- orion-web.xml, 7-3, 7-20, 7-21
- osslpassword tool, how to use, 4-32
- OssoIPCheck directive, 3-13
P
- partner application
- cookies, 2-22
- Oracle9iAS Portal as, 2-36
- partner applications, 2-20
- password, 7-14, 7-24
- clear, 7-24
- encrypted, 7-24
- server wallet, 7-24
- password policy, 2-9
- passwords
- authentication, 1-19
- protection in directory, 2-14
- security risks, 1-11
- per package authentication, 9-9
- persistence attribute, 7-15, 7-18
- PKCS#10 certificates, 2-6, 2-32
- PlsqlCGIEnvironmentList parameter, 3-8
- PlsqlExclusionList directive, 6-35
- PORTAL schema, 6-29
- PORTAL user, 6-19, 6-30
- PORTAL_ADMIN user, 6-19, 6-31
- PORTAL_ADMINISTRATORS group, 6-19, 6-31
- PORTAL_DEMO schema, 6-30
- PORTAL_DEVELOPERS group, 6-31
- PORTAL_PUBLIC schema, 6-30
- PORTLET_PUBLISHERS group, 6-31
- postinstall.sh
- upgrading Oracle Internet Directory, 7-7
- precedence
- authentication methods, 7-21
- Privacy Enhanced Mail (PEM), 4-27
- private key, 1-19, 1-20
- property names
- ldap.password, 7-17
- ldap.user, 7-14, 7-17
- xml.permclsmgr.enable, 7-19
- xml.princlsmgr.enable, 7-19
- provider attribute, 7-13, 7-15, 7-17, 7-18
- provider types
- with JAAS provider, 7-5
- proxy authentication, 1-30, 2-31, 9-2
- directory, 9-3
- ptlasst.bat, 6-6
- ptlasst.csh, 6-6
- PUBLIC
- protecting the PL/SQL procedures, 9-11
- Public Key Certificate Standard #12 (PKCS#12), 1-22
- public key infrastructure (PKI)
- certificate-based authentication, 1-19
- cryptography, 1-18
- introduction, 1-17
- PUBLIC user, 6-30
R
- RC4 encryption algorithm, 1-26
- RealmLoginModule class
- configuring for JAAS provider in non-SSO authentication environments, 7-4
- configuring for JAAS provider in SSL and Basic authentication environments, 7-10
- RealmPrincipal class, 7-27
- require directive, 4-11
- role-name element, 7-27
- roles
- mapping in the orion-application.xml file, 7-27
- secure application, 9-4
- secure application role, 9-4
- root certificate, 1-21
- RSA certificates, 2-32
- RSA Data Security RC4, 1-26
- run-as element, 7-25
- RunAsClient, 2-40
- RunAsID, 2-40
- runas-mode, 7-20, 7-21
- RW_ADMINISTRATOR group, 6-31
- RW_BASIC_USER group, 6-32
- RW_DEVELOPER group, 6-31
- RW_POWER_USER group, 6-32
S
- scalability
- security, 1-16
- secupoid.sql script, 6-37, 6-38
- secupoid.sql script, running it, 6-37
- secure application roles, 9-4
- Secure Hash Algorithm (SHA), 1-27, 2-14
- Secure Sockets Layer (SSL)
- advantages in multitier, 1-21
- network security, 1-21
- Oracle Internet Directory, 2-14
- versions supported with mod_ossl, 4-13
- security
- access control, 1-12
- authentication, 1-17, 9-8
- authorization, 1-12
- availability, 1-14
- central directory, 1-16
- certificates, 1-20, 1-21
- credentials, storage, 1-22
- deep data protection, 1-15
- denial of service attack, 1-14
- fault containment, 1-15
- firewalls, 1-32
- hosting and data exchanges, 1-8
- Internet, 1-15
- Java implementation, 9-6
- multitier systems, 1-16
- Oracle Internet Directory, 2-12
- password threats, 1-11
- password vulnerabilities, 1-11
- PKI, 1-17
- PL/SQL procedures granted to PUBLIC, 9-11
- private key, 1-20
- requirements, 1-16
- root certificate, 1-21
- scalability, 1-16
- scope of issues, 1-6
- secure application role, 9-4
- tradeoffs, 1-9
- user management, 1-15, 1-16
- virtual private database (VPD), 9-5
- security role, 7-25
- security settings for Oracle9iAS Web Cache, 8-2
- SecurityManager class, 9-6
- server wallet, 7-23
- server wallet directory, 7-23
- ServerName directive, 3-6
- servlet, 7-25
- Set SSL to on, 7-23
- SetEnvIf directive, 4-8
- single sign-on
- external applications, 2-20
- mod_osso, 2-20
- Netegrity Site Minder, 2-20
- single sign-on (SSO), 1-22, 7-20
- cookie, 2-21
- initial authentication, 2-21
- integration with LDAP, 2-26
- Java applications with, 2-38
- partner application authentication process, 2-22
- partner application cookies, 2-22
- partner applications, 2-20
- PKI support, 2-26
- SSL encryption of cookies, 2-22
- support for legacy and third-party applications, 2-19
- Single Sign-On home page, 3-11
- single source of control (SSC), 1-24
- single station administration (SSA), 1-24
- sr_manager
- security role, 7-25
- SSA (single station administration), 1-24
- SSC (single source of control), 1-24
- SSL, 1-29
- SSL authentication
- enable, 7-23
- SSL Virtual Host context, 3-7
- SSL_CLIENT_CERT environment variable, 3-8
- SSL_CLIENT_S_DN environment variable, 3-8
- SSL-enabled applications, 7-5
- SSLEngine directive, 3-6
- SSLVerifyClient directive, 3-6
- SSLWallet directive, 3-6
- SSO cookies, 2-11
- SSO See single sign-on (SSO)
- SSO_TIMEOUT_ID cookie, 3-12
- ssocfg.sh script, 3-4, 3-10
- ssodnmap.pks package, 3-9
- SSO-enabled applications, 7-5
- ssogito.sql script, 3-12
- storage
- secure credentials, 1-22
- subscriber's user searchbase, 2-9
T
- Triple DES (3DES), 1-26
- trusted subnet for Oracle9iAS Web Cache administration, 8-3
U
- unauthorized, 1-3
- upsecoid.sql script, 6-39
- user ID for Oracle9iAS Web Cache administration, 8-4
- user management, 1-15, 1-16
- users
- authorization of, 1-24
V
- VeriSign, 2-32
- virtual private database (VPD)
- introduction, 9-5
W
- wallets, 2-6
- changing a password, 5-15
- closing, 5-13
- configuring
- Oracle9iAS Web Cache, 8-9
- considerations for Windows NT and 2000, 8-7
- creating, 5-11
- credential storage, 1-22
- credentials, 1-18
- deleting, 5-14
- managing, 5-11
- managing certificates, 5-17
- managing trusted certificates, 5-21
- opening, 5-13
- saving, 5-13
- web.xml, 7-3, 7-21, 7-22, 7-25
- WWMON_CHART_BY_ACTION.show package, 6-35
- WWMON_CHART_BY_BROWSER.show, 6-35
- WWMON_CHART_BY_DATE.show, 6-35
- WWMON_CHART_BY_IPADDRESS.show, 6-35
- WWMON_CHART_BY_LANGUAGE.show, 6-35
- WWMON_CHART_BY_OBJECT.show, 6-36
- WWMON_CHART_BY_ROWS.show, 6-36
- WWMON_CHART_BY_TIME.show, 6-36
- WWMON_CHART_BY_USER.show, 6-36
- WWMON_CHART_SEARCHES.show, 6-36
- WWW-Authenticate header, 4-10
X
- X.509 Version 3 certificates, 2-6, 9-2
- with Oracle HTTP Server, 2-29
- xml.permclsmgr.enable property name, 7-19
- xml.princlsmgr.enable property name, 7-19