About Configuring Encryption for Web Clients

This topic describes the encryption options available for Web client communications. To use encryption, both the server and the client must enforce encryption in their connection parameters. If these parameters do not match, connection errors occur. Siebel Business Applications support the following types of clients:
For more information about some of the Siebel client types described above, see also Siebel Deployment Planning Guide.

About Session Cookies

The Application Object Manager (AOM) in the Siebel Server communicates with the Siebel Web Client through the Web server using the TCP/IP protocol. An independent session is established to serve incoming connection requests from each client. Siebel Business Applications use session cookies to track the session state. These session cookies persist only within the browser session and are deleted when the browser exits or the user logs off. A session cookie attaches requests and logoff operations to the user session that started at the login page.

Instead of storing the session ID in clear text in the client's browser, Siebel Business Applications create an encrypted session ID and attach an encryption key index to the encrypted session ID. Session cookie encryption uses a 56-bit key by default. In Siebel Remote, the encryption algorithm and key exchange are the same as for session-based components. Session cookie encryption prevents session spoofing (deriving a valid session ID from an invalid session ID).

For more information about session cookies, see About Using Cookies with Siebel Business Applications.
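The statement that session cookies persist only within the browser session can be checked against captured response headers: a cookie stays session-only when its Set-Cookie header carries neither an Expires nor a Max-Age lifetime. The following is an added example, not code from the Siebel documentation or product; the cookie names and header values are constructed placeholders.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample response headers; the cookie names are placeholders,
# not the names a Siebel deployment actually issues.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: EXAMPLE_SESSION=abc123; Path=/
Set-Cookie: EXAMPLE_TRACK=def456; Path=/; Max-Age=86400
Set-Cookie: EXAMPLE_OLD=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
"""

def classify_set_cookie(value, now=None):
    """Return (name, kind); kind is 'session', 'persistent' or 'delete'."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    # Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    if "max-age" in attrs:
        try:
            return name, "delete" if int(attrs["max-age"]) <= 0 else "persistent"
        except ValueError:
            pass  # a malformed Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
            if expiry.tzinfo is None:
                expiry = expiry.replace(tzinfo=timezone.utc)
            return name, "delete" if expiry <= now else "persistent"
        except (TypeError, ValueError):
            pass  # an unparseable date is ignored, so no lifetime is set
    return name, "session"

def persistent_session_cookies(raw_headers, session_names, now=None):
    """Names of cookies that should be session-only but carry a lifetime."""
    flagged = []
    for line in raw_headers.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, kind = classify_set_cookie(value.strip(), now)
        if name in session_names and kind == "persistent":
            flagged.append(name)
    return flagged
```

A cookie classified as `delete` (a lifetime that has already elapsed) corresponds to the logoff case, where the browser is told to discard the cookie immediately.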
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved.