Contents

Security overview Application security overview General security principles Require complex and secure passwords Change passwords periodically Keep passwords private and secure Require secure session practices Lock computers to protect data Provide only the necessary rights to perform an operation Secure installation and configuration Installation overview Transport Layer Security (TLS) Install only the InForm features needed About entering passwords Configure strong administrator passwords Close all unused ports Disable all unused services Add a nosniff header Post-installation configuration Restrict access to InForm server machines Configure strong user passwords Configure rights and rights groups Change the pfuser password as required Run pfadmin Update IIS with the new pfuser password Update COM+ applications with the new password Security features User security features Password configuration for user security Passwords for new users Login security No data loss after a session transaction Automatically inactivated user accounts Restricted access to the application Application security features Users assigned to user types Rights assigned to rights groups Users assigned to rights groups Users assigned to groups Users assigned to sites Display overrides Changed Cognos user groups Data security features Restricted viewing of Protected Health Information Audit trails for data security Freezing and locking data Considerations for using email Considerations for configuring email notifications Considerations for using automated emails for gathering subject data Legal notices About the documentation Where to find the product documentation Documentation accessibility Access to Oracle Support