Skip Headers

Oracle9i Application Server Security Guide
Release 2 (9.0.2)
Part Number A90146-01
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index

Go to previous page Go to next page


Preface

This document presents basic Web security concepts and describes the Oracle9i Application Server security framework and how to use it. First, it provides a survey of security issues and requirements that arise when operating private business systems in the public Internet environment. Then it introduces the security features of Oracle9i Application Server and provides configuration information for setting up a secure middle tier.

This preface contains these topics:

Audience

The Oracle9i Application Server Security Guide is intended for security administrators, application developers, database administrators, system operators, and other Oracle users who perform the following tasks:

To use this document, you need to have general knowledge of Web server administration, Internet concepts, and networking concepts.

Organization

This document contains:

Chapter 1, "Security Fundamentals in a Web Environment"

This chapter introduces the fundamental concepts of communication and data security in an Internet environment, and outlines the threats against which data and systems must be defended.

Chapter 2, "Oracle9i Application Server Security Architecture and Features"

This chapter describes the Oracle9i Application Server security framework, including its architecture. It describes each element and how they work together.

Chapter 3, "Configuring Oracle9iAS Single Sign-On"

This chapter describes the security features of Oracle9iAS Single Sign-On and provides basic configuration information for setting up single sign-on in the middle tier. It includes information about enabling other elements of Oracle9i Application Server to use Oracle SSO technology.

Chapter 4, "Configuring HTTP Server Security"

This chapter describes the security features of Oracle HTTP Server and provides basic configuration information for setting up a secure HTTP server, including how to configure it for basic authentication and to use Secure Sockets Layer (SSL).

Chapter 5, "Using Oracle Wallet Manager"

This chapter describes how to use Oracle Wallet Manager, a software program for requesting, storing, and managing digital certificates in Oracle wallets.

Chapter 6, "Configuring Oracle9iAS Portal Security"

This chapter describes the security features of Oracle9iAS Portal and provides basic configuration information for setting up a secure corporate portal.

Chapter 7, "Configuring JAAS Support"

This chapter describes how to configure Java Authentication and Authorization Services (JAAS) for Java 2 Standard Edition (J2SE) and Java 2 Enterprise Edition (J2EE) environments.

Chapter 8, "Configuring Security for Oracle9iAS Web Cache"

This chapter describes the security features of Oracle9iAS Web Cache and provides basic security configuration information.

Chapter 9, "Configuring Secure Database Access by Oracle9i Application Server"

This chapter outlines the steps for configuring secure access to an Oracle database from Oracle9i Application Server.

Glossary

This glossary contains terms that are pertinent to Web security and Oracle environments.

Related Documentation

For more information, see these Oracle resources.

Descriptions of documents have been added to some listings to guide you to where specific security information can be found. Where document titles are self-explanatory, no description is provided.

Oracle9i Application Server Documentation Library contains the following documents unless otherwise specified:

Oracle9i Application Server Platform-specific Documentation contains the following documents:

Oracle Database Documentation Library contains the following documents:

In North America, printed documentation is available for sale in the Oracle Store at 

http://oraclestore.oracle.com/

Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from 

http://www.oraclebookshop.com/

Other customers can contact their Oracle representative to purchase printed documentation.

To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at 

http://otn.oracle.com/admin/account/membership.html

If you already have a user name and password for OTN, then you can go directly to the documentation section of the OTN Web site at 

http://otn.oracle.com/docs/index.htm

To access the database documentation search engine directly, please visit 

http://tahiti.oracle.com

Conventions

This section describes the conventions used in the text and code examples of this documentation set. It describes:

Conventions in Text

We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.

Convention Meaning Example

Bold

Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both.

When you specify this clause, you create an index-organized table.

Italics

Italic typeface indicates book titles or emphasis.

Oracle9i Database Concepts

Ensure that the recovery catalog and target database do not reside on the same disk.

UPPERCASE monospace (fixed-width) font

Uppercase monospace typeface indicates elements supplied by the system. Such elements include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, usernames, and roles.

You can specify this clause only for a NUMBER column.

You can back up the database by using the BACKUP command.

Query the TABLE_NAME column in the USER_TABLES data dictionary view.

Use the DBMS_STATS.GENERATE_STATS procedure.

lowercase monospace (fixed-width) font

Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied elements. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, usernames and roles, program units, and parameter values.

Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.

Enter sqlplus to open SQL*Plus.

The password is specified in the orapwd file.

Back up the datafiles and control files in the /disk1/oracle/dbs directory.

The department_id, department_name, and location_id columns are in the hr.departments table.

Set the QUERY_REWRITE_ENABLED initialization parameter to true.

Connect as oe user.

The JRepUtil class implements these methods.

lowercase italic monospace (fixed-width) font

Lowercase italic monospace font represents placeholders or variables.

You can specify the parallel_clause.

Run Uold_release.SQL where old_release refers to the release you installed prior to upgrading.

Conventions in Code Examples

Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example: 

SELECT username FROM dba_users WHERE username = 'MIGRATE';

The following table describes typographic conventions used in code examples and provides examples of their use.

Convention Meaning Example

[ ]

Brackets enclose one or more optional items. Do not enter the brackets.

DECIMAL (digits [ , precision ])

{ }

Braces enclose two or more items, one of which is required. Do not enter the braces.

{ENABLE | DISABLE}

|

A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar.

{ENABLE | DISABLE}

[COMPRESS | NOCOMPRESS]

...

Horizontal ellipsis points indicate either:

  • That we have omitted parts of the code that are not directly related to the example

  • That you can repeat a portion of the code

CREATE TABLE ... AS subquery;

SELECT col1, col2, ... , coln FROM employees;

.

.

.

Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example.

Other notation

You must enter symbols other than brackets, braces, vertical bars, and ellipsis points as shown.

acctbal NUMBER(11,2);

acct CONSTANT NUMBER(4) := 3;

Italics

Italicized text indicates placeholders or variables for which you must supply particular values.

CONNECT SYSTEM/system_password

DB_NAME = database_name

UPPERCASE

Uppercase typeface indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unless terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitive, you can enter them in lowercase.

SELECT last_name, employee_id FROM employees;

SELECT * FROM USER_TABLES;

DROP TABLE hr.employees;

lowercase

Lowercase typeface indicates programmatic elements that you supply. For example, lowercase indicates names of tables, columns, or files.

Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.

SELECT last_name, employee_id FROM employees;

sqlplus hr/hr

CREATE USER mjones IDENTIFIED BY ty3MU9;

Conventions for Microsoft Windows Operating Systems

The following table describes conventions for Microsoft Windows operating systems and provides examples of their use.

Convention Meaning Example

Choose Start >

How to start a program.

To start the Database Configuration Assistant, choose Start > Programs > Oracle - HOME_NAME > Configuration and Migration Tools > Database Configuration Assistant.

File and directory names

File and directory names are not case sensitive. The following special characters are not allowed: left angle bracket (<), right angle bracket (>), colon (:), double quotation marks ("), slash (/), pipe (|), and dash (-). The special character backslash (\) is treated as an element separator, even when it appears in quotes. If the file name begins with \\, then Windows assumes it uses the Universal Naming Convention.

c:\winnt"\"system32 is the same as C:\WINNT\SYSTEM32

C:\>

Represents the Windows command prompt of the current hard disk drive. The escape character in a command prompt is the caret (^). Your prompt reflects the subdirectory in which you are working. Referred to as the command prompt in this manual.

C:\oracle\oradata>

The backslash (\) special character is sometimes required as an escape character for the double quotation mark (") special character at the Windows command prompt. Parentheses and the single quotation mark (') do not require an escape character. Refer to your Windows operating system documentation for more information on escape and special characters.

C:\>exp scott/tiger TABLES=emp QUERY=\"WHERE job='SALESMAN' and sal<1600\"

C:\>imp SYSTEM/password FROMUSER=scott TABLES=(emp, dept)

HOME_NAME

Represents the Oracle home name. The home name can be up to 16 alphanumeric characters. The only special character allowed in the home name is the underscore.

C:\> net start OracleHOME_NAMETNSListener

ORACLE_HOME and ORACLE_BASE

In releases prior to Oracle8i release 8.1.3, when you installed Oracle components, all subdirectories were located under a top level ORACLE_HOME directory that by default used one of the following names:

  • C:\orant for Windows NT

  • C:\orawin95 for Windows 95

  • C:\orawin98 for Windows 98

This release complies with Optimal Flexible Architecture (OFA) guidelines. All subdirectories are not under a top level ORACLE_HOME directory. There is a top level directory called ORACLE_BASE that by default is C:\oracle. If you install Oracle9i release 1 (9.0.1) on a computer with no other Oracle software installed, then the default setting for the first Oracle home directory is C:\oracle\ora90. The Oracle home directory is located directly under ORACLE_BASE.

All directory path examples in this guide follow OFA conventions.

Refer to Oracle9i Database Getting Starting for Windows for additional information about OFA compliances and for information about installing Oracle products in non-OFA compliant directories.

Go to the ORACLE_BASE\ORACLE_HOME\rdbms\admin directory.

Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle Corporation is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at 

http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation

JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in Documentation

This documentation may contain links to Web sites of other companies or organizations that Oracle Corporation does not own or control. Oracle Corporation neither evaluates nor makes any representations regarding the accessibility of these Web sites.

Go to previous page Go to next page
Oracle
Copyright © 2002 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Solution Area		 Go To Table Of Contents
Contents		 Go To Index
Index