Oracle® Retail Warehouse Management System Security Guide Release 14.1 E58743-01 |
|
Previous |
Next |
This chapter discusses security related aspects of RWMS architecture.
RWMS 14.1 has been developed using both Oracle ADF and Oracle Forms with integration between both components. This requires that the deployment of RWMS involves two instances of a WebLogic Application Server; one hosting the ADF Application and the other hosting the Oracle Forms Application.
The RWMS application will use the following mechanisms to secure the application:
A standard JAAS based application server based authentication for user identification and setting access roles.
An ADF based JAZN security model to map enterprise roles obtained from the previous step to application roles defined within the application to provide another layer of abstraction.
The new architecture necessitates the secure passing of user credentials from ADF Application to Forms Application. A new table, RWMS_USER_SESSIONS, has been created for this purpose. The ADF Application will insert a valid row in this table after a successful login. Forms Application will verify the contents of this table and after successful validation will allow the application to continue. After validation, the Forms Application will delete the corresponding row in the table.
To ensure that there are no orphaned records in the RWMS_USER_SESSIONS table (which may provide valuable information to attackers) a database job RWMS_PURGE_SECURITY_OBJ runs every 2 minutes to remove the records which are more that 120 seconds old.
Hardening
The frequency of the database job RWMS_PURGE_SECURITY_OBJ can be changed by running the shell script rwms_alter_purge_sec_obj_sch.sh. The parameter value is in minutes. For example, a value of 1 can be passed as the parameter to change the frequency of the job to 60 seconds.
Setting the frequency to a lower value could be an additional burden on the database and would need to be evaluated in the production scenario. It is suggested that the interval be not more than 60 minutes to ensure that all the sensitive information is cleared.
Since RWMS is now deployed on two WebLogic Instances (ADF and Forms), timeout of the application needs to be tightly coupled between these two servers. Timeout for the Oracle Forms Application will not be set, so that the ADF Application will invalidate both the sessions and exit the application.
If the Forms Application is active, it will send a keep-alive request to the ADF Application to keep the ADF Application active as well. If the timeout of the ADF Application is 60 minutes, the keep-alive request will be sent every 15 minutes.
To ensure that the keep-alive request is not sent from malicious applications, a record is inserted into the XDOMAIN_MESSAGES table before the keep-alive request is sent. The ADF Application will then validate the inserted record in the XDOMAIN_MESSAGES table and upon successful validation keep itself alive. If the validation fails then the ADF Application will insert a message in XDOMAIN_QUEUE. This will be browsed by the corresponding Forms Application and the Forms Application will then close itself. The ADF Application will also invalidate the session.
Hardening
Hardening may be carried out by doing the following:
Set the timeout of the ADF Application to a reduced interval. The default timeout is 35 Minutes.
The frequency of the database job RWMS_PURGE_SECURITY_OBJ can be changed by running the shell script rwms_alter_purge_sec_obj_sch.sh. An increased purge rate will improve security but may slow the application.
All the tables that store sensitive information (including PII data and Application User Credentials) are created in an encrypted tablespace. This is to ensure that the printable strings in the datafiles are hidden away from attackers. Following is the list of tables which are stored in encrypted tablespace.
A new database runtime user has been introduced to prevent breach of privileges. This should be used to login to RWMS Application. This user will have only the required privileges to run the application. This user or wallet alias for this user should be the value provided for userid in formsweb.cfg file. Refer to the Oracle Retail Warehouse Management System Installation Guide for detailed information on the formsweb.cfg
entries.