This section contains security recommendations for the desktop used to run web browsers that connect Oracle E-Business Suite.
See My Oracle Support article KA1039, Recommended Browsers for Oracle E-Business Suite Releases 12.2 and 12.1, for information about securing the desktop.
Update the browser when new versions are released; they often include security bug fixes.
Check the browser for built-in safety features.
Upgrade to Java Runtime Environment (JRE) 8 with Java Web Start.
Apply the latest JRE updates in a timely manner.
For more information, see the following My Oracle Support articles:
KA1140, FAQ: Essentials of Java Usage in Oracle E-Business Suite
KA923, Identifying the Latest Critical Patch Update for Oracle E-Business Suite Release 12.2
For kiosk machines, change the browser's autocomplete settings. Although convenient for frequently accessed pages, for privacy and security reasons this feature should be disabled.
Also consider disabling the "remember password" function, or use a primary password for the saved password store.
People may attempt to access an unattended workstation while another user is still logged into the system. The users should never leave their workstation unattended while logged into the system because it makes the system accessible to others who may walk up to the computer. Organizations should set a corporate policy for handling unattended PC sessions. Users are recommended to use the password-locked screen savers feature on all PCs.
Use the following profile option to set the FileStreaming security policy for the no-store directive. The recommended value is set by default.
| Profile Option Name | Code (Internal Name) | Recommended Value |
|---|---|---|
| FND: Security FileStreaming No-Store | FND_SEC_FILESTREAM_NOSTORE | SECURE |
The FND: Security FileStreaming No-Store profile option values are as follows:
SECURE - This value enables Secure mode, where the no-store directive is used to prevent caching for all content. This is the default and recommended profile option value.
CHROMIUM_PDF_WA - This value allows for the caching of PDF content on Chromium-based browsers. Set the profile option to CHROMIUM_PDF_WA when users expect the ability to save PDF content directly from the in-browser PDF viewer.
INSECURE - This value enables Insecure mode and allows the caching of all content.