
What's New in This Release


What's New in Siebel Security Hardening Guide, Version 8.1/8.2

Table 1 lists the changes described in this version of the documentation to support this release of the software. The new features described in Table 1 are available in Siebel CRM version 8.1.1.11, Siebel CRM version 8.2.2.4, and later.

Table 1. New Product Features in Siebel Security Hardening Guide, Version 8.1/8.2
| Topic | Description |
|---|---|
| Excluding Unsafe File Types from the Siebel File System | New topic. To prevent files with a specific file extension from being saved to the Siebel File System, enable the File Ext Check system preference. |

What's New in Siebel Security Hardening Guide, Version 8.1, Rev. A and Version 8.2, Rev. A

Table 2 lists the changes in this version of the documentation to support this release of the software.

Table 2. What's New in Siebel Security Hardening Guide, Version 8.1, Rev. A and Version 8.2, Rev. A
| Topic | Description |
|---|---|
| Securing the Siebel Web Server | Modified topic. Monitor the disk space available on your Siebel Web server to help prevent denial of service attacks. |
| Securing User Session IDs | Modified topic. If you have implemented Web Single Sign-On user authentication, then it is recommended that you set the SessionTracking parameter to Cookie. To force the Siebel Web Server Extension (SWSE) to always use cookie-based mode, set SessionTracking to Cookie, set the URLSession parameter to FALSE, and set the CookieSession parameter to TRUE. |
| Securing the Siebel Client | Modified topic. In Siebel CRM version 8.1.1.9 and 8.2.2.2 and later, you can optionally deploy Siebel Business Applications using Siebel Open UI. NOTE: The functionality described in this topic requires that you install Siebel CRM Release 8.1.1.9 or later, or 8.2.2.2 or later. For information, see the applicable Siebel Maintenance Release Guide on My Oracle Support. |
| Protecting Files and Resources | Modified topic. If you configure Siebel-specific environment variables that include sensitive data on a server hosting a Siebel module, then encrypt the server disks. |
| General Password Policies | Modified topic. In a Siebel deployment with high-security requirements, it is recommended that you change the Siebel administrator user name and password used for Siebel utilities after you have completed the Siebel implementation process. |
| About Using Web Services | Modified topic. Passing user credentials in the URL is no longer supported in Siebel CRM. |
| Displaying HTML Content | Modified topic. Oracle recommends that you review all Control objects whose HTML Display Mode property is set to either DontEncodeData or FormatData, and consider changing the value of the property to EncodeData. |
| Specifying Trusted Server Names | New topic. To strengthen your Siebel application against attacks, specify the names of each of the individual Siebel Server computers used by your Siebel application in Siebel Tools. |
| About Using HTTP Methods | New topic. Siebel Business Applications support use of the HTTP GET and POST methods only. |

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.