Oracle® Enterprise Manager Policy Reference Manual 11g Release 1 (11.1.0.1) E17019-01 |
|
![]() Previous |
![]() Next |
This chapter provides the following information for the Oracle Application Server Containers for J2EE (OC4J) policy:
Brief description of the policy
Summary of the policy's main properties
Default values for the policy: parameters with their default values and objects excluded by default
Impact of the policy violation
Action to perform when the violation occurs
The OC4J policies are categorized as follows:
The configuration policies for the OC4J target are:
This policy checks that all the software libraries are shared among all the Oracle Management servers.
Policy Summary
The following table lists the policy's main properties.
Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
---|---|---|---|---|---|---|
Warning | Configuration | OC4J | Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x | The underlying metric has a collection frequency of once every 24 hours. | Yes | Not Available. |
Footnote 1 The policy rule is evaluated each time its underlying metric is collected.
Defaults
Parameters and Their Default Values
None
Objects Excluded by Default
None
Impact of Violation
Not available
Action
Not available.
Security Policies for the OC4J target are:
This policy verifies that password indirection is used in OC4J XML configuration and deployment files.
Policy Summary
The following table lists the policy's main properties.
Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
---|---|---|---|---|---|---|
Critical | Security | OC4J | Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x | The underlying metric has a collection frequency of once every 24 hours. | Yes | Password indirection is not used in configuration file %FILE_NAME%. |
Footnote 1 The policy rule is evaluated each time its underlying Password_Indirection metric is collected.
Defaults
Parameters and Their Default Values
None
Objects Excluded by Default
None
Impact of Violation
Embedding these passwords into deployment and configuration files poses a security risk, especially if the permissions on the files allow them to be read by any user.
Action
To avoid this problem, OC4J provides password indirection and password obfuscation.