To protect the DCD in Oracle WebServer 2.x:
1. Connect to the Oracle WebServer Administration page.
2. Choose the Oracle Web Listener link.
3. Choose Configure for the appropriate listener.
4. Choose Security: Access Control and Encryption.
5. Enter usernames and passwords in either the Basic or Digest Authentication sections.
Basic authentication allows you to assign passwords to users, assign users to groups, and define sets of users and groups, called "realms." You can then assign the users, groups, and realms to specific files and directories, requiring requestors to provide a username and password to gain access. Basic authentication sends unencrypted passwords across the network, making this method subject to subversion. Basic authentication is not recommended when security is critical.
Digest authentication is the same as basic authentication except that it sends passwords encrypted across the network in the form of a cryptographic checksum, also called a "digest." You should use this scheme whenever authentication is required, although some older web browsers may not support it.
6. Assign your users to a group for the appropriate authentication method.
7. Assign the group to a realm for the appropriate authentication method.
8. Choose the Modify Listener button to save your changes.
9. Navigate back to the Listener Administration page.
10. Choose Web Request Broker and choose the Modify link.
11. Scroll to the Protecting Applications section.
12. Enter the following values in the fields:
Virtual Path Scheme Realm
<virtual_path> <Basic/Digest/> <realm_name>
<virtual_path> represents the virtual path of the PL/SQL agent's shared files, as defined in the Applications and Directories section of the Web Request Broker Administration page. Specify the scheme as either Basic or Digest. <realm_name> represents the realm name that you specified for your authentication scheme.
13. Choose Modify WRB Configuration to save your changes.
14. Restart the listener.
Note: You must set protection in the Web Request Broker section and not the Protection section of the Listener Administration page.