This page lists down resources related to security including local database enhanced encryption, enhanced database security, deployment server as a managed server, JMX security, long user ID, long passwords, user defined objects security, and secure FTP for media objects.
Tools 9.1: Reconfiguremsde.exe is the utility that encrypts/decrypts the local database user password.
Tools 9.2: ReconfigureDB.exe is the utility that encrypts/decrypts the local database user password.
With EnterpriseOne Tools Release 9.2.0.0 and later using an Oracle local database, the method of creating passwords has changed. The previous method is referred to as using Legacy encryption; by contrast, the new method uses Enhanced encryption.
Enhanced encryption is applicable only to an Oracle local database when using Tools Release 9.2.0.0 and greater.
Legacy encryption is used with an Oracle local database when using Tools Releases prior to 9.2.0.0 or with SQL Server Express (using any supported Tools Release).
Action: For Oracle 12c, run the ReconfigureDB.bat utility to use enhanced encryption/decryption.
For Oracle releases prior to 12c, and for SSE, run the ReconfigureDB.bat utility to choose between legacy or enhanced encryption/decryption.
For more information, see these topics in the JD Edwards EnterpriseOne Applications Upgrade Guide:
Tools 9.1: All tables are created and shipped with PUBLIC ALL authority.
Tools 9.2: For an installation, all tables delivered by the Platform Pack installer are locked down.
For an upgrade, only NEW tables delivered by the installer are locked down.
For both installation and upgrades, the installer grants Select, Insert, Delete, and Update permissions to the end user role defined in the Platform Pack installer on the Administrator and End User Roles screen. It grants these privileges as well as the right to create indexes to the administrator role.
For an upgrade, the installer does not modify any security that you have put in place for existing tables.
Note: The installer does not lock down the logic artifacts during the Platform Pack execution - only the tables.
Action: The security setup defined in the Platform Pack installation or upgrade must also be set up in EnterpriseOne.
In order to maintain the security on the tables, you must set up the security definition using P986117 (signed into JDEPLAN) before running the Installation Workbench. Any new tables that the Workbenches create (for example the TC Workbench or the Environment Workbench) will be created according to the rules in F986117. For more information, see Managing Data Source Security in the JD Edwards EnterpriseOne Security Administration Guide.
Tools 9.1: Not applicable.
Tools 9.2: Provided functionality to encrypt sensitive data in the .ini files used by JD Edwards EnterpriseOne.
Starting with EnterpriseOne Tools Release 9.2, the EnterpriseOne encryption system uses a site key to add a higher level of security for sensitive data stored in configuration files and databases. The site key is combined with other values to create an AES key. The encryption system then uses the AES key to encrypt individual data items. Encryption using AES is the industry-standard for achieving a highly secure encryption.
The site key values are not stored in the program code. Because site keys are stored and encrypted in the JDE.INI file, each customer has a unique site key, which provides a higher level of security.
Action: Set up encryption before an EnterpriseOne installation using a command line utility program on the Deployment Server. You can also set up encryption after an installation through Server Manager. Both methods involve using a site key for encryption. For more information, see Encrypting Sensitive Data in EnterpriseOne in the JD Edwards EnterpriseOne Security Administration Guide.
Tools 9.1: Not applicable.
Tools 9.2: The Java Management Extension (JMX) protocol is now used to communicate with deployed Server Manager agents through a socket connection.
Action: A new installation of EnterpriseOne Tools 9.2 automatically includes an additional layer of security for JMX. However, if you are upgrading Server Manager to EnterpriseOne Tools Release 9.2, you must manually implement the additional security for JMX after performing the upgrade. For more information, see Implementing Security for JMX in the JD Edwards EnterpriseOne Server Manager Guide.
Tools 9.2: As with releases prior to EnterpriseOne Tools 9.2, out of the box, EnterpriseOne user IDs (sometimes referred to as 'short' user IDs) are limited to a maximum of 10 characters. Starting with EnterpriseOne Tools 9.2, administrators have the OPTION to enable the Long User ID feature to enable users to sign in to EnterpriseOne with a user ID that has a minimum of six characters and a maximum of 254 characters. This feature provides flexibility to support longer formats such as an email address format.
Action: Enable the 'Long User ID' feature setting. This setting enables all EnterpriseOne systems that require credentials to accept long user IDs.
Note: Once enabled, the Long User ID feature cannot be disabled. However, if you enable the Long User ID setting but then decide not to create long user IDs, EnterpriseOne will still accept short user IDs as sign-in credentials. For more information, see Setting Up Long User IDs in EnterpriseOne in the JD Edwards EnterpriseOne Security Administration Guide.
Tools 9.1: Not applicable.
Tools 9.2: As with releases prior to EnterpriseOne Tools 9.2, out of the box, EnterpriseOne passwords are limited to a maximum of 10 characters (sometimes referred to as 'short' passwords). With EnterpriseOne Tools 9.2, administrators have the OPTION to enable the Long Password feature, which enables users to create case-sensitive passwords with up to a maximum of 40 characters.
Action: Enable the "Long Password" feature setting. This setting enables all EnterpriseOne systems that require credentials to accept long passwords.
Note: When the Long Password feature is enabled, users can continue to use their existing 'short' passwords for sign-in, as long as their passwords meet the criteria defined in the password policies. For more information, see Enabling Long Passwords in EnterpriseOne in the JD Edwards EnterpriseOne Security Administration Guide.
Tools 9.1: Not applicable
Tools 9.2: Administrators can enable or disable the user defined object (UDO) features, as well as set up security for viewing, creating, and modifying individual UDOs.
EnterpriseOne provides UDO security features in the Security Workbench to enable administrators to control:
Action: Enable access to the user defined object security and administration applications, then set up security for user defined object features and user defined objects. For more information, see Managing Security for User Defined Objects in the JD Edwards EnterpriseOne Security Administration Guide.
Tools 9.1: Only non-secure FTP is available.
Tools 9.2: Secure FTP (SFTP) for media object access on the HTML Server and Business Services Server is configurable using Server Manager.
Action: Oracle recommends using SSH file transfer protocol, otherwise referred to as Secure FTP (SFTP), for accessing media objects as a more secure alternative to FTP. When EnterpriseOne is configured to use SFTP for media objects, users can securely upload, download, and delete media objects. For more information, see these topics in the JD Edwards EnterpriseOne Security Administration Guide (for HTML Server):
Action: Oracle recommends using SSH file transfer protocol, otherwise referred to as Secure FTP (SFTP), for accessing media objects as a more secure alternative to FTP. When EnterpriseOne is configured to use SFTP for media objects, users can securely upload, download, and delete media objects. For more information, see these topics in the JD Edwards EnterpriseOne Security Administration Guide (for HTML Server):