| Oracle® Retail Home Oracle Retail Home Security Guide Release 3.0.2 F16689-01 |
|
 Previous |
 Next |
| Oracle® Retail Home Oracle Retail Home Security Guide Release 3.0.2 F16689-01 |
|
Previous |
Next |
Oracle Retail Home is a portal-based application for the RGBU enterprise designed to provide a central view and entry point into a customer's Retail applications. The UI provides a tile-based dashboard highlighting important metrics and PKIs across RGBU applications. The dashboards are configured by a Retail Home administrator for each enterprise role.This chapter focuses on the secure deployment and configuration of the Retail Home client and services in a cloud environment. This includes deployment in both Weblogic Server and hosted container environments.
The following principles are fundamental to using any application securely.
Good security requires keeping up to date with the latest releases and patches of installed software. This document assumes Retail Home is up to date and being run in updated and supported environments.
Retail Home uses REST services for communication between the client and server. Ensure that the server is deployed in a secure network environment and that all access goes through appropriate firewalls and authentication mechanisms. Additionally, be sure that other network resources used by the application, such as databases and other RGBU applications, are likewise deployed in secure environments.
Retail Home restricts administrative duties to users assigned administrator roles. Ensure that these roles are not assigned except to users who need them.
When running in a hosted container, Retail Home must use a User ID that can read the wallet files with its credentials. The wallets should therefore be created as a non-root user, and that user should not have any extra permissions beyond what is needed to run the container.
