1 Security Considerations

This section lists security considerations for Enterprise Back Office user types.

Considerations for Administrators and Application Users

Keep the following in mind when administering and using applications:

  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.

  • When done using an application, log off before closing the browser session.

  • Reporting and Analytics uses cookies to improve the application experience by remembering visits and activity. If you disable cookies, you will have to enter your user name and enterprise name each time you log in, you will not be redirected to the last page you were working on when you log in, you may have to sign in more often, and in some cases you may not be able to log in.

  • Keep up to date with GDPR information at https://support.oracle.com/epmos/faces/DocumentDisplay?id=114.2.

Considerations for Developers

For clients that call web services hosted by Oracle, use Transport Layer Security (TLS) 1.1 or above to avoid man-in-the-middle attacks. Web client developers should enforce encrypted data transport when the application transports sensitive data and should validate that all certificates are legitimate and signed by public authorities.

Restrict ciphers to modern implementations.
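
The developer guidance above, shown as an added example that is not Oracle's code: a Python client TLS context that validates certificates against public CAs, sets a protocol floor, and restricts ciphers, plus a check that flags contexts that do not. The cipher string, the TLS 1.2 floor (one choice within "1.1 or above"), and the function names are assumptions.

```python
import ssl

# Assumption: forward-secret AEAD suites stand in for "modern" ciphers;
# the page does not name a specific list.
MODERN_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def build_client_context(floor=ssl.TLSVersion.TLSv1_2):
    """Client context: public-CA validation, TLS floor, restricted ciphers."""
    # create_default_context() loads the system CA store and enables both
    # certificate-chain and hostname verification.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # TLS 1.2 is chosen here as a floor that satisfies "1.1 or above".
    ctx.minimum_version = floor
    # Governs TLS 1.2-and-below suites; TLS 1.3 suites are always AEAD.
    ctx.set_ciphers(MODERN_CIPHERS)
    return ctx


def audit_context(ctx):
    """Return a list of ways ctx falls short of the guidance above."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_1:
        findings.append("protocol floor is below TLS 1.1")
    legacy = [c["name"] for c in ctx.get_ciphers()
              if c["protocol"] != "TLSv1.3"
              and "GCM" not in c["name"] and "CHACHA20" not in c["name"]]
    if legacy:
        findings.append("non-AEAD suites enabled: " + ", ".join(legacy[:3]))
    return findings


def insecure_context():
    """Constructed counter-example: the 'disable verification' shortcut."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("hardened:", audit_context(build_client_context()) or "ok")
    print("insecure:", audit_context(insecure_context()))
```

Pass the hardened context to the HTTP client, for example `http.client.HTTPSConnection(host, context=ctx)`, so every request inherits these settings; running `audit_context` in a unit test catches a later change that turns verification off.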