Security guidelines
Follow these guidelines for secure development.
- Transport-level security
The Oracle Empirica Topics web service client must use HTTPS connection to secure all data communication with the Oracle Empirica Topics web service. - Message-level security
The Oracle Empirica Topics web service client must use WS SECURITY and a user name token policy with a Oracle Empirica Topics web service user name and password. This policy is used to connect securely to the Oracle Empirica Topics web service and to authenticate the client for each API call. - Access control security
The Oracle Empirica Topics web service client must include a user name in the input field TopicsServiceContext.username for all API calls except forgetTopicsServiceProperties
. ThegetTopicsServiceProperties
API call is available to any user. - Request parameter validation
The Oracle Empirica Topics web service validates API input fields for content and size.
Parent topic: Secure development guidelines