Oracle Java CAPS Security Guide | Java CAPS Documentation
Securing Your Java CAPS Environment
Before you begin to develop Java CAPS applications and deploy them to a production environment, determine your security needs and make sure that you take the appropriate security measures. The following sections provide a starting point for analyzing your security requirements:
Keep in mind the security requirements for all the different environments in which you work, including development, testing, and production.
To better understand your security needs, ask yourself the following questions:
Which resources am I protecting?
Many resources in the production environment can be protected, including information in databases accessed by the application server and the availability, resources, and applications of Java CAPS, NetBeans, and the GlassFish Server.
From whom am I protecting the resources?
For most web sites, resources must be protected from everyone on the internet. But should the web site be protected from the employees on the intranet in your enterprise? Should your employees have access to all resources within the Java CAPS environment? Should the system administrators have access to all Java CAPS resources? Should the system administrators be able to access all data? You might consider giving access to highly confidential data or strategic resources to only a few well-trusted system administrators. It might be best to allow no system administrators access to the data or resources.
What will happen if the protections on strategic resources fail?
In some cases, a fault in your security scheme is easily detected and considered nothing more than an inconvenience. In other cases, a fault might cause great damage to companies or individual clients that use the web site. Understanding the security ramifications of each resource will help you protect it properly.
Whether you deploy the Java CAPS applications on the internet or on an intranet, it is a good idea to hire an independent security expert to review your security plan and procedures, audit your installed systems, and recommend improvements. Oracle On Demand offers services and products that can help you to secure a GlassFish Server production environment. For more information, see the Oracle On Demand page.
Read about security issues:
For the latest information about securing web servers, Oracle recommends the “Security Practices & Evaluations” information available from the CERT Coordination Center operated by Carnegie Mellon University at http://www.cert.org/.
Register your Java CAPS installation with My Oracle Support. When you register, Oracle Support will notify you immediately of any security updates that are specific to your installation. You can create a My Oracle Support account by visiting http://www.oracle.com/support/index.html.
For GlassFish Server and NetBeans security advisories, refer to the Critical Patch Updates and Security Alerts page at http://www.oracle.com/technetwork/topics/security/alerts-086861.html.