Skip Headers
Oracle® Enterprise Manager Policy Reference Manual
11g Release 1 (11.1.0.1)

E17019-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

7 OC4J Policy

This chapter provides the following information for the Oracle Application Server Containers for J2EE (OC4J) policy:

The OC4J policies are categorized as follows:

7.1 Configuration Policies

The configuration policies for the OC4J target are:

7.1.1 Non-Shared Software Library Existence

This policy checks that all the software libraries are shared among all the Oracle Management servers.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Configuration OC4J Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x The underlying metric has a collection frequency of once every 24 hours. Yes Not Available.

Footnote 1 The policy rule is evaluated each time its underlying metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Not available

Action

Not available.

7.2 Security Policies

Security Policies for the OC4J target are:

7.2.1 OC4J Password Indirection

This policy verifies that password indirection is used in OC4J XML configuration and deployment files.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security OC4J Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x The underlying metric has a collection frequency of once every 24 hours. Yes Password indirection is not used in configuration file %FILE_NAME%.

Footnote 1 The policy rule is evaluated each time its underlying Password_Indirection metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Embedding these passwords into deployment and configuration files poses a security risk, especially if the permissions on the files allow them to be read by any user.

Action

To avoid this problem, OC4J provides password indirection and password obfuscation.