This chapter provides an overview of the DIVAdirector product and explains the general principles of application security.
Oracle DIVAdirector is a tool for interacting with existing Oracle DIVArchive systems. The User Interface (UI) is delivered graphically through a web browser. DIVAdirector consists of the following major components:
The DIVAdirector Server provides interfaces with DIVArchive through the C++ API for all operations which are requested by DIVAdirector Web. It also synchronizes discovered object info stored in DIVArchive into its own database. It monitors configured Drop Folders for proxies, metadata, operations, and maintains history of all Drop Folders and UI operations.
The web module of DIVAdirector provides a Web-based UI interface, allowing users to search for discovered objects in DIVArchive, administer user access rights, add metadata for assets, play proxies of objects and perform operations such as Restore, Oracle DIVArchive Partial File Restore and Delete, on items added to work bins or shot lists. It also provides users the ability to browse files locally and to archive content to the DIVArchive system.
The following sections describe the fundamental principles that are required to use any application securely.
Stay current with the version of DIVAdirector that you run. You can find current versions of the software for download at the Oracle Software Delivery Cloud:
DIVAdirector uses the following TCP/IP ports:
tcp/7680
for user interface commands
tcp/8080
for the HTTP Server
DIVAdirector provides a default SuperAdmin user whose password should be changed after first login. Then this user can create other users with different group permissions for access and operations.
If the default password is not changed, it leaves the system accessible to possible malicious activity. The default password must be changed immediately after installation and configuration for the SuperAdmin account, and every 180 days (minimum) thereafter. Once the change has been made, you must store the passwords in a safe location, offline, where they can be made available for Oracle Support if needed.
You can monitor system activity to determine how well DIVAdirector is operating. Logs are located at C:\Program Files (x86)\DIVAdirector 5\cmg-server
and C:\Program Files (x86)\DIVAdirector 5\www\logs
.
You can access several sources of security information. For security information and alerts for a large variety of software products see
The primary way to keep up to date on security matters is to run the most current version of the DIVAdirector software.