Oracle® Retail Mobile Merchandising Security Guide
Release 15.0
E65652-01

1 Overview

This chapter gives an overview of the product and explains the general principles of application security.

Product Overview

Oracle Retail Mobile Merchandising provides on-the-go visibility into certain Oracle Retail Merchandising application transactions and provides the ability, in some cases, to take action on existing transactions. The specific functions supported within Mobile Merchandising are:

  • Recent Allocations

  • Sales Audit (ReSA) Dashboard

  • Sales Audit Store Search

  • Invoice Matching

General Security Principles

The following principles are fundamental to using any application securely.

Keep Software Up To Date

It is a good practice to keep all software versions and patches up to date.

Restrict Network Access to Critical Services

Keep both the middle-tier and the database behind a firewall. Additionally, place a firewall between the middle-tier and the database. These firewalls ensure that access to these systems is restricted to a known network route that can be monitored and restricted. The alternative is a firewall router that substitutes for multiple and independent firewalls.

If firewalls cannot be used, configure the TNS Listener Valid Node Checking feature, which restricts access based on IP address. Restricting database access by IP address can cause application client/server programs to fail for DHCP clients. Methods to resolve this include using static IP addresses, a software/hardware VPN or Windows Terminal Services, or its equivalent.
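
The following is an added example, not part of the Oracle guide: a small audit script that reads sqlnet.ora-style text and reports whether a given client address would pass Valid Node Checking, which also shows why a DHCP-assigned address outside the list is refused. It assumes the Oracle Net parameters TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES, a release that accepts CIDR entries, and a constructed sample file with documentation-range addresses; only the invited list is modeled.

```python
import ipaddress
import re

# Constructed sample sqlnet.ora; addresses are documentation ranges, not from the guide.
SAMPLE_SQLNET_ORA = """\
# middle-tier hosts allowed to reach the listener
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (192.0.2.10, 192.0.2.11,
                     198.51.100.0/28)
"""

def parse_params(text):
    """Return {NAME: value}, joining indented continuation lines onto the last name."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"^([A-Za-z_.]+)\s*=\s*(.*)$", line)
        if m:
            name = m.group(1).upper()
            params[name] = m.group(2).strip()
        elif name:
            params[name] += " " + line.strip()
    return params

def node_list(value):
    """Split '(a, b, c)' into ['a', 'b', 'c']."""
    return [n.strip() for n in value.strip("() ").split(",") if n.strip()]

def audit(text, client_ip):
    """Return (allowed, findings) for client_ip; allowed is None when undecided."""
    p = parse_params(text)
    if p.get("TCP.VALIDNODE_CHECKING", "NO").upper() != "YES":
        return True, ["valid node checking is off: no address restriction applies"]
    invited = node_list(p.get("TCP.INVITED_NODES", ""))
    if not invited:
        return None, ["checking is on but no invited list is set (not modeled here)"]
    ip, findings, allowed = ipaddress.ip_address(client_ip), [], False
    for node in invited:
        try:
            net = ipaddress.ip_network(node, strict=False)  # single IP becomes /32
        except ValueError:
            findings.append(f"hostname entry not resolved by this script: {node}")
            continue
        allowed = allowed or ip in net
    return allowed, findings

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.5", "203.0.113.50"):
        print(addr, audit(SAMPLE_SQLNET_ORA, addr))
```
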

Follow the Principle of Least Privilege

The principle of least privilege requires that users be given the least amount of access needed to perform their jobs. Excessive granting of responsibilities, roles, grants, and so on (especially early on in an organization's life cycle when people are few and work needs to be done quickly) often leaves a system open to abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.

Monitor System Activity

System security stands on three fundamentals: good security protocols, proper system configuration, and system monitoring. The third requirement is met by auditing and reviewing system records. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.

Keep Up To Date on Latest Security Information

Oracle continually improves its software and documentation. For the latest versions, check https://support.oracle.com regularly.