Skip Headers

Table of Contents Image Oracle9i Application Server Security Guide
Release 2 (9.0.2)

Part Number A90146-01
Go To Documentation Library
Go To Product List
Solution Area
Go To Index

Go to next page


Title and Copyright Information

Send Us Your Comments


Related Documentation
Documentation Accessibility

1 Security Fundamentals in a Web Environment

Promises and Problems of the Internet
Introduction to Security Issues
Security Vulnerabilities
Changed Processes
Higher Volumes
More Valuable Data
Attributes Needed for Successful Security
Hosted Systems and Exchanges
Trade-offs Between Security and Other Business Needs
Security Needs in an Internet Environment
Password-Related Threats
Unauthorized Access to Data
Network Attacks
Data Corruption
Loss or Display of Confidential Information
Denial of Service
Fault Containment
Complex User Management Requirements
Multitier Systems
Scaling the Security Administration of Multiple Systems
Security Considerations in an Internet Environment
Considerations for Use of Public Key Infrastructure (PKI)
Authentication Considerations
Certificates and Certificate Authorities
Secure Sockets Layer (SSL) Authentication and X.509v3 Digital Certificates
Storing Secure Credentials in an LDAP-Compliant Directory
Single Sign-on
Authorization Considerations
Encryption Considerations
Data Integrity Considerations
Web Browser Security
Security for Database Access
Enterprise User Security
Authentication and Digital Certificates
Connecting From the Middle Tier to the Database
Proxy Authentication

2 Oracle9i Application Server Security Architecture and Features

Introduction to Oracle9iAS
Security Architecture of Oracle9iAS
Elements of Oracle9iAS Security Architecture
Oracle9i Application Server Implementation of Public Key Infrastructure (PKI)
Secure Sockets Layer
Oracle Wallets
Oracle Wallet Manager
Oracle Internet Directory
What to Install to Get the Security You Require
Default User Password Policy in Oracle9iAS
Centralized User Provisioning and Single Sign-On in Oracle9iAS
Overview of Centralized User Provisioning and Single Sign-On Model
Benefits of Centralized User Provisioning and Single Sign-On
Oracle Internet Directory Overview
Overview of Security in Oracle Internet Directory
The Oracle Context: A Directory Administration and Delegation Model
How Oracle Internet Directory is Implemented
Delegated Administration Service (DAS)
Oracle9iAS Single Sign-On Overview
Oracle9iAS Single Sign-On Components
Functional Overview of Oracle9iAS Single Sign-On
Authorization, Authentication, and SSL in Oracle9iAS
Oracle HTTP Server Security
Oracle HTTP Server Security Services Overview
Access Control, User Authentication, and Authorization with Oracle HTTP Server
Secure Sockets Layer (SSL) and PKI with Oracle HTTP Server
Secure Access to an Oracle Database with Oracle HTTP Server
Oracle Wallet Manager Overview
Oracle9iAS Portal Security Overview
Introduction to Oracle9iAS Portal
Portal Users
Portal Groups
Portal Authentication
Portal Authorization
Application Integration with Oracle9iAS Portal
Oracle9iAS Portal Support for HTTPS
Auditing in Oracle9iAS Portal
JAAS Security
Authentication Features of JAAS
Authorization Features of JAAS
Delegation Features of JAAS
Oracle9iAS Web Cache Security
How to Proceed from Here

3 Configuring Oracle9iAS Single Sign-On

Single Sign-On Overview
Configuring Security Features for Oracle9iAS Single Sign-On
Enabling the Single Sign-On Server for SSL
Configuring Oracle9iAS Single Sign-On for Digital Certificates
System Requirements
Configuration Tasks
Oracle HTTP Server (SSL)
Single Sign-On DAD (mod_plsql)
User Name Mapping Module
Oracle Internet Directory
Single Sign-On Server
Enabling Timeouts
Configuring the SSO Session Timeout
Configuring the Global User Inactivity Timeout
Enabling IP Checking
Enabling IP Checking for the Oracle9iAS Single Sign-On Server
Enabling IP Checking for Mod_osso
Managing Password Policies

4 Configuring HTTP Server Security

Overview of Oracle HTTP Server Security
Specifying Configuration Parameters in httpd.conf
Understanding Host-Based Access Control
Access Control for Virtual Hosts
Overview of Host-Based Access Control Schemes
Controlling Access by IP Address
Controlling Access by Domain Name
Controlling Access by Network or Netmask
Controlling Access with Environment Variables
Overview of User Authentication
Using Basic Authentication and Authorization with mod_auth
What Directives to Use for Basic Authentication Configuration with mod_auth
User Authorization
Using Secure Sockets Layer (SSL) to Authenticate Users
About Securing HTTP Communication with mod_ossl
Understanding Classes of Directives Used for Configuring SSL
Using mod_ossl Directives
Using the iasobf Utility to Encrypt Wallet Passwords

5 Using Oracle Wallet Manager

About Public Key Infrastructure (PKI)
Wallet Password Management
Strong Wallet Encryption
Microsoft Windows Registry
Oracle Wallet Functions
Backward Compatibility
PKCS #12 Support
Importing Third-Party Wallets
Exporting Oracle Wallets
Multiple Certificate Support
LDAP Directory Support
Managing Wallets
Starting Oracle Wallet Manager
Creating a New Wallet
Opening an Existing Wallet
Closing a Wallet
Saving Changes
Saving the Open Wallet to a New Location
Saving in System Default
Deleting the Wallet
Changing the Password
Using Auto Login
Enabling Auto Login
Disabling Auto Login
Managing Certificates
Managing User Certificates
Adding a Certificate Request
Importing the User Certificate into the Wallet
Removing a User Certificate from a Wallet
Removing a Certificate Request
Exporting a User Certificate
Exporting a User Certificate Request
Managing Trusted Certificates
Importing a Trusted Certificate
Removing a Trusted Certificate
Exporting a Trusted Certificate
Exporting All Trusted Certificates
Exporting a Wallet

6 Configuring Oracle9iAS Portal Security

Portal Security Model
User Authentication and Privilege Model
Portal Security Architecture
Relationship between Oracle9iAS Portal and Oracle9iAS Single Sign-On
Relationship between Oracle9iAS Portal and Oracle Internet Directory
Relationship between Oracle9iAS Portal and the Oracle Directory Integration Server
Relationship between Oracle9iAS Portal and Delegated Administration Service
Creating Users and Groups
User Portlet
Portal User Profile Portlet
Group Portlet
Portal Group Profile Portlet
Granting Access Privileges
Access Tab
Administering Portal Security
Security Settings Upon Installation
Oracle9iAS Portal Default Schemas and Accounts
Post-Installation Security Checklist
Configure mod_plsql Settings
Safeguard Passwords for Lightweight Oracle9iAS Portal Users
Remove Unnecessary Objects
Revoke Public Access to Provider Components
Control Access to Administration Pages
Protect Oracle9iAS Portal Monitoring Packages
Consider SSL and the Login Portlet
Consider LDAP over SSL for Oracle Internet Directory Connections
Change the Application Entity Password
Changing LDAP Settings on the Global Settings Page
Cache for Oracle Internet Directory Parameters
Oracle Directory Integration Server Synchronization
Group creation base DN
Group Search Base Distinguished Name (DN)

7 Configuring JAAS Support

What JAAS Components Do You Need to Configure?
Sample Files
Performing Configuration Tasks Common to J2SE and J2EE Environments
Task 1: Ensure That You Installed the Correct Components
Task 2: Load the JAZN Schema and Default Entries into Oracle Internet Directory (Optional)
Task 3: Specify JAAS as the Policy Provider (optional)
Task 4: Configure a Java2 Policy File (optional)
Task 5: Create a LoginModule Configuration File (optional)
Task 6: Perform Configuration Tasks Unique to Your Java Environment
Performing Configuration Tasks Unique to J2SE Environments
Task 1: Configure the JAAS Property File
Task 1a: Configure the LDAP-Based Provider Type for J2SE
Task 1b: Configure the XML-Based Provider Type for J2SE
Performing Configuration Tasks Unique to J2EE Environments
Task 1: Configure the JAAS Provider and Enable the JAZNUserManager
Task 1a: Configure the LDAP-Based Provider Type for J2EE (Optional)
Task 1b: Configure the XML-Based Provider Type for J2EE
Task 2: Configure an Authentication Method and Filter Modes
Task 3: Configure Your Application for SSL Environments
Task 4: Configure mod_oc4j to Delegate HTTP Requests to OC4J
Task 5: Configure the Security Role (run-as)
RealmPrincipal Class
Differences between <jazn> Tags and the <user-manager> Property

8 Configuring Security for Oracle9iAS Web Cache

Modifying Default Security Settings
Configuring HTTPS Protocol Support
Task 1: Create Wallets
Enabling Wallets to Open on Windows
Task 2: Configure HTTPS Listening Ports and Wallet Location
Task 3: Permit Only HTTPS Requests for a Site

9 Configuring Secure Database Access by Oracle9i Application Server

Providing for Secure Access to the Oracle9i Database Server
Proxy Authentication with Oracle9iAS
Auditing for Multitier Applications
Secure Application Roles
Application Query Rewrite: Virtual Private Database (VPD)
Selective Encryption of Stored Data
Middle-Tier Connection Management
Java Security Implementation in the Database
Class Execution
SecurityManager Class
Securing Application Database Access Through mod_plsql
Introduction to mod_plsql
Authenticating Users Through mod_plsql
Basic (Database Controlled Authentication)
Oracle9i Application Server Basic Authentication Mode
Global OWA, Custom OWA, and Per Package (Custom Authentication)
Protecting the PL/SQL Procedures Granted to PUBLIC
Providing Secure Database Connections with JDBC
Introduction to Java Database Connectivity (JDBC)
Java Encryption Features of Oracle Advanced Security
JDBC-Oracle Call Interface Driver
JDBC Thin Driver for Applets and Application
JDBC Server-Side Thin Driver
Oracle Java SSL
Secure Connections for Virtually Any Client



Go to next page
Copyright © 2002 Oracle Corporation.

All Rights Reserved.
Go To Documentation Library
Go To Product List
Solution Area
Go To Index