Oracle® Retail POS Suite Security Guide
Release 14.1
E54480-01
Contents
Title and Copyright Information
Send Us Your Comments
Preface
Audience
Documentation Accessibility
Related Documents
Customer Support
Review Patch Documentation
Improved Process for Oracle Retail Documentation Corrections
Oracle Retail Documentation on the Oracle Technology Network
Conventions
1 Overview
Dependent Applications
Oracle Retail POS Suite Web Application Deployment
Security Features Overview
Securing Sensitive Data
Cardholder Data
Cryptographic Functionality
System Memory
Communication with Oracle Retail Central Office and Back Office
Securing the Application
Passwords
Web Applications
Development and Testing
Live PAN Numbers
Default Accounts and Passwords
Tools
Klocwork
Findbugs
HP Fortify
Nessus
Nikto
Wikto
Paros
Wireshark
Tamper Data
WebInspect
Vulnerability Management
Injection Flaws
Insecure Cryptographic Storage
Insecure Communications
Improper Error Handling
Cross Site Scripting
Improper Access Control
Cross-Site Request Forgery
Securing the Application Environment and Configuration
Database
Parameters and System Configurations
Remote Access
Encryption and Hashing
Encryption
Hashing
Detailed Technical Overview
Logical Distribution
Static Model
Encrypted Data Structure
Interaction Patterns
J2EE Session Bean
POS POJO
2 Application Administration
Roles and Permissions
Other Common Application Administration
Securing Web Services
WS-Security
Web Service Security Implementation
Oracle Retail Returns Management Web Service
Oracle Retail Store Inventory Management Web Service
Securing JMS
Application Specific Feature Administration
POS Suite Applications Audit Log
3 Considerations for Extending and Customizing Products
Log Files
Coding Concerns for Log Files
Training
Common Points for Extension or Customization
Encryption Service Interfaces for Oracle Retail POS Suite Applications
A Appendix: Database Security-Related Practices
Application Schema Owners
Database Security Considerations
Restricted Access to Purge Scripts
Creating a Database Schema Owner and Data Source Users for Oracle Database
Special Security Options for Oracle Databases
Default Application Administrative Users
B Appendix: Secure JDBC with Oracle 12c Database
Creating the Oracle Wallet and Certificate for the Database Server
Securing the Listener on the Server
Examples of Network Configuration Files
listener.ora
sqlnet.ora
tnsnames.ora
Securing Client Access
Application Specific Instructions
Oracle Retail Point-of-Service
Oracle Retail Back Office and Central Office
Configure the Application Server Machine
Secure the Data Source
C Appendix: Secure JMS
D Appendix: Credential Store Framework
Oracle Retail Point-of-Service CSF Implementation
E Appendix: SSL Server Certificates
KeyTool Utility Example
F Appendix: Wallet Management Tool
Updating an Existing Credential
Adding a New Credential
G Appendix: Secure Services and Protocols
Securing the Network
Resources
Securing the Register System
Validate System Integrity
Apply Any Missing Operating System Patches
Disable Unnecessary Components
Secure the Desktop
Securing the Mobile Point-of-Service Client
Physical Security
Audit and Monitoring
Equipment Storage and Disposal
H Appendix: Secure Web Services
WS-Security
Web Service Security Implementation
RSB Web Services
Non-RSB Web Services
JAX-WS Handlers
Oracle Retail Store Inventory Management Web Service
I Appendix: Secure RMI
J Appendix: Configuration Example
Glossary