Oracle9i Application Server Security Guide Release 2 (9.0.2) Part Number A90146-01
This document presents basic Web security concepts and describes the Oracle9i Application Server security framework and how to use it. First, it provides a survey of security issues and requirements that arise when operating private business systems in the public Internet environment. Then it introduces the security features of Oracle9i Application Server and provides configuration information for setting up a secure middle tier.
This preface contains these topics:
The Oracle9i Application Server Security Guide is intended for security administrators, application developers, database administrators, system operators, and other Oracle users who perform the following tasks:
To use this document, you need to have general knowledge of Web server administration, Internet concepts, and networking concepts.
This document contains:
This chapter introduces the fundamental concepts of communication and data security in an Internet environment, and outlines the threats against which data and systems must be defended.
This chapter describes the Oracle9i Application Server security framework, including its architecture. It describes each element and how they work together.
This chapter describes the security features of Oracle9iAS Single Sign-On and provides basic configuration information for setting up single sign-on in the middle tier. It includes information about enabling other elements of Oracle9i Application Server to use Oracle SSO technology.
This chapter describes the security features of Oracle HTTP Server and provides basic configuration information for setting up a secure HTTP server, including how to configure it for basic authentication and to use Secure Sockets Layer (SSL).
This chapter describes how to use Oracle Wallet Manager, a software program for requesting, storing, and managing digital certificates in Oracle wallets.
This chapter describes the security features of Oracle9iAS Portal and provides basic configuration information for setting up a secure corporate portal.
This chapter describes how to configure Java Authentication and Authorization Services (JAAS) for Java 2 Standard Edition (J2SE) and Java 2 Enterprise Edition (J2EE) environments.
This chapter describes the security features of Oracle9iAS Web Cache and provides basic security configuration information.
This chapter outlines the steps for configuring secure access to an Oracle database from Oracle9i Application Server.
This glossary contains terms that are pertinent to Web security and Oracle environments.
For more information, see these Oracle resources.
Descriptions of documents have been added to some listings to guide you to where specific security information can be found. Where document titles are self-explanatory, no description is provided.
Oracle9i Application Server Documentation Library contains the following documents unless otherwise specified:
A brief graphical overview of the application server.
An overview of the application server features.
Detailed description of Oracle Internet Directory, including Delegated Administration Service and Directory Integration Service, and how to use them.
Detailed description of how to enable applications to access Oracle Internet Directory by using the C API and the PL/SQL API.
White paper that provides a complete description of the starter Oracle Context that is set up in Oracle Internet Directory when you install Oracle9iAS Infrastructure. It is available on Oracle Technology Network (OTN) at
http://otn.oracle.com/docs/index.htm
Detailed description of how to enable single sign-on for Oracle9i Application Server.
Detailed description of how to enable applications to use Oracle9iAS Single Sign-On.
Detailed description of all J2EE services that are supported by Oracle9i Application Server, including JAAS support.
Detailed description of how to configure and use Oracle HTTP Server plug-in, mod_plsql, which enables communication between the middle tier and an Oracle database.
Oracle9i Application Server Platform-specific Documentation contains the following documents:
Detailed description of what you need to install to get the security functionality that you require.
Detailed description of what you need to do if you are migrating from a previous version of Oracle9i Application Server, such as migrating digital certificates.
Detailed description of Oracle9i Application Server best practices, including security best practices.
Oracle Database Documentation Library contains the following documents:
Detailed description of how to configure and use Oracle Advanced Security, the Oracle database option that provides encryption, integrity protection, and advanced authentication to Oracle database clients and servers.
Description of the Oracle9i Database Server feature, proxy authentication, which allows Oracle9i Application Server to establish an authenticated session with the database.
Detailed description of how to enable Oracle9i Application Server to use database proxy authentication.
In North America, printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from
http://www.oraclebookshop.com/
Other customers can contact their Oracle representative to purchase printed documentation.
To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at
http://otn.oracle.com/admin/account/membership.html
If you already have a user name and password for OTN, then you can go directly to the documentation section of the OTN Web site at
http://otn.oracle.com/docs/index.htm
To access the database documentation search engine directly, please visit
http://tahiti.oracle.com
This section describes the conventions used in the text and code examples of this documentation set. It describes:
We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.
Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:
SELECT username FROM dba_users WHERE username = 'MIGRATE';
The following table describes typographic conventions used in code examples and provides examples of their use.
The following table describes conventions for Microsoft Windows operating systems and provides examples of their use.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle Corporation is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.
This documentation may contain links to Web sites of other companies or organizations that Oracle Corporation does not own or control. Oracle Corporation neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Copyright © 2002 Oracle Corporation. All Rights Reserved.