| Oracle® Retail Merchandising Security Guide Release 14.1 E55776-01 |
|
 Previous |
 Next |
Customization and extending capabilities is an important part of any application. This chapter discusses how to securely implement customizations and extensions such that they do not jeopardize application security.
If customization is required it should be done in such a way that no built-in explicit security features would be circumvented. Customization should be done using provided customization toolkit.
It is recommended to perform secure code analysis after code customization to identify potential secure coding standard violations.
If additional integration is required and credentials are required then the customization should store those additional credentials in the Secure Wallet along with all other RPM credentials (in RPM partition). Credential population should be done by a script provided with RPM. If additional EJB are required, they should be protected by the same authorization as pre-existing EJBs. For more information, see the Oracle Retail Price Management Installation Guide.
