2 Installing and configuring the Oracle Empirica Signal software
The Oracle Empirica Signal Installation and Upgrade Instructions include procedures that install the application and system components into a secure state by default.
The accounts that you create during the installation also have
restrictive permissions by default. In addition to performing the standard installation
procedures, you can perform the steps in this chapter to secure the Oracle Empirica Signal software.
- Configure Oracle WebLogic Server to use TLS
Before you install the Oracle Empirica Signal software, obtain a TLS certificate, install the certificate on the application server, and configure Oracle WebLogic Server to use the certificate. - Use a separate port for the Oracle Empirica Signal application
Install the Oracle Empirica Signal application so that the application listens on a different port than the Oracle WebLogic Server administration console and Oracle Enterprise Manager console. The Installation and Upgrade Instructions describe how to configure the Oracle Empirica Signal application to use a unique port. - Enable only what is required
When you have completed the installation, disable features that you might not use, such as LDAP, in the site options. - Execute scripts without passwords on the command line
When you are required to authenticate to your Oracle Database during the Oracle Empirica Signal installation, do not provide database account passwords as arguments from the Command Prompt. - Reset the Read Only attribute
The standard Oracle Empirica Signal installation requires you to make several files editable. - Use secure Oracle Empirica Signal database and Oracle Empirica Topics credentials
The Oracle Empirica Signal Installation and Upgrade Instructions include directions for configuring database and Oracle Empirica Topics credentials. - Turn on the HttpOnly, Secure, and SameSite flags for session cookies within Oracle WebLogic Server for the Oracle Empirica Signal software
Using the HttpOnly, Secure, and SameSite flags when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie and the cookie being tempered during transmission. - Establish best practices for downloading data
The Oracle Empirica Signal software provides the option to download table data to a Microsoft Excel spreadsheet or to other file types, such as PDF. - Route email to a secure address
In the Oracle Empirica Signal software, provide secure email addresses for the From Email Address, and Error Email site options. - Use TLS
Oracle strongly recommends configuring Oracle WebLogic Server to use TLS and accessing the Oracle Empirica Signal software using only TLS connections. For more information, see the Installation and Upgrade Instructions. - Encrypt the database connection
If you install the Oracle Empirica Signal software and Oracle Database software on different servers, secure configuration requires encryption of the communication channel between the servers. - Install the Oracle Empirica Signal application on a separate managed server
Do not install the Oracle Empirica Signal application on the Oracle WebLogic Server administration server. - Install the Oracle Analytics Server
You must install and configure Oracle Analytics and its components securely. - Installing the Oracle Database software
This section describes how to install the Oracle Database software securely. - Secure Oracle Empirica Topics Development
Follow secure development guidelines for Oracle Empirica Topics development.