Oracle® Application Server 10g Security Guide 10g (9.0.4) Part No. B10377-01
This document presents basic Web security concepts and describes the Oracle Application Server security framework and how to use it. First, it provides a survey of security issues and requirements that arise when operating private business systems in the public Internet environment. Then it introduces the security features of Oracle Application Server and provides configuration information for setting up a secure middle tier.
This preface contains these topics:
The Oracle Application Server 10g Security Guide is intended for security administrators, application developers, database administrators, system operators, and other Oracle users who perform the following tasks:
To use this document, you need to have general knowledge of Web server administration, Internet concepts, and networking concepts.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle Corporation is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.
This documentation may contain links to Web sites of other companies or organizations that Oracle Corporation does not own or control. Oracle Corporation neither evaluates nor makes any representations regarding the accessibility of these Web sites.
This document contains:
This chapter provides a basic overview of Oracle Application Server.
This chapter discusses the Oracle Application Server security framework, including its architecture. It describes each element and how they work together.
This chapter presents Oracle Application Server deployment options.
This chapter provides details on the recommended security topologies for Oracle Application Server.
This chapter covers common security considerations for Oracle Application Server administrators.
This appendix describes Oracle Wallet Manager and managing PKI credentials.
This glossary contains terms that are pertinent to Web security and Oracle environments.
This section lists common administration tasks and the manuals that describe them.
Task | Read... |
---|---|
General administration tasks | |
Managing static content | |
Controlling user access to Web content using portals | |
Managing Oracle Application Server Web Cache | |
Writing and deploying secure OC4J applications | Oracle Application Server Containers for J2EE Security Guide |
Managing Oracle Application Server Wireless for security mechanisms | |
Managing users, passwords, and privileges | |
Managing application, resource, and data source security using Oracle Application Server Reports Services | Oracle Application Server Reports Services Publishing Reports to the Web |
Managing user access and internalization | Oracle Application Server Personalization Administrator's Guide |
Configuring security for Oracle Application Server Workflow | |
Administering SSO | Oracle Application Server Single Sign-On Administrator's Guide |
Managing certificate issues | Oracle Application Server Certificate Authority Administrator's Guide |
For all tasks pertaining to administering and deploying Oracle Identity Management, see the Oracle Identity Management Concepts and Deployment Planning Guide.
This section lists common development tasks and the manuals that describe them.
Task | Go to... |
---|---|
Configuring SSO | Oracle Application Server Single Sign-On Administrator's Guide |
Using | Oracle Application Server Single Sign-On Application Developer's Guide |
Configuring Web Services | |
Configuring Syndication Services | Oracle Application Server Syndication Services Developer's and Administrator's Guide |
Configuring BC4J | Oracle Business Component for Java Developing Business Components |
Using keys and certificates for SSL communication in OC4J | Oracle Application Server Containers for J2EE Servlet Developer's Guide |
This section lists common deployment tasks and the manuals that describe them.
Task | Go to... |
---|---|
Configuring SSO | Oracle Application Server Single Sign-On Administrator's Guide |
Configuring Forms with HTTP listener, OC4J, SSO, and OID | |
Configuring security mechanisms in Oracle Application Server Discoverer | |
Component | Go to... |
---|---|
Using Oracle Ultra Search | |
Using Oracle Application Server ProcessConnect | |
Setting up the database and PL/SQL to avoid known security problems | |
For more information, see these Oracle resources. Descriptions of documents have been added to some listings to guide you to where specific security information can be found. Where document titles are self-explanatory, no description is provided.
The Oracle Application Server Documentation Library contains the following documents:
A brief graphical overview of the application server.
An overview of the application server features.
An overview of the Identity Management features.
Detailed description of Oracle Internet Directory, including Delegated Administration Service and Directory Integration Service, and how to use them.
Detailed description of how to enable applications to access Oracle Internet Directory by using the C API and the PL/SQL API.
Detailed description of how to enable single sign-on for Oracle Application Server.
Detailed description of how to enable applications to use Oracle Application Server Single Sign-On.
Discusses how to make effective use of the Oracle Application Server Containers for J2EE security features.
Detailed description of how to configure and use Oracle HTTP Server plug-in mod_plsql, which enables communication between the middle tier and an Oracle database.
Oracle Application Server Platform-Specific Documentation contains the following documents:
Detailed description of what you must install to get the security functionality you require.
Detailed description of what you must do if you are migrating from a previous version of Oracle Application Server, such as migrating digital certificates.
Detailed description of Oracle Application Server best practices, including security best practices.
Oracle Database Documentation Library contains the following documents:
Detailed description of how to configure and use Oracle Advanced Security, the Oracle database option that provides encryption, integrity protection, and advanced authentication to Oracle database clients and servers.
Description of the Oracle9i Database Server feature proxy authentication, which allows Oracle Application Server to establish an authenticated session with the database.
Detailed description of how to enable Oracle Application Server to use database proxy authentication.
Printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free of charge and can be done at:
http://otn.oracle.com/membership/
If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at
http://otn.oracle.com/documentation/content.html
This manual uses the following conventions:
Copyright © 2003 Oracle Corporation. All Rights Reserved.