#3 - Sensitive data exposure

Not all data is public, and caution should be used to hide sensitive information from unauthorized users. Failures in security configuration and the selection of insecure defaults may pose a risk of data leakage.

Developers should use TLS 1.2 or above to consume the Clinical Data API, to protect sensitive data in transit and to address Man-in-the-Middle attacks. Web client developers should enforce encrypted data transport whenever the application transports sensitive data, and should validate that all certificates are legitimate and signed by public authorities. Ciphers should be restricted to modern implementations.
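The following is an added example, not code from the Clinical Data API documentation: a Python client TLS context that applies the three requirements above, shown beside a weak configuration and a small audit function that reports which requirements a context violates. The function names and the cipher string are assumptions chosen for illustration.

```python
import ssl

# Assumed cipher policy (not from the page): ECDHE key exchange, AEAD ciphers only.
MODERN_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+, certificates validated against the system CA store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Governs the TLS 1.2 suites; TLS 1.3 suites are AEAD already.
    ctx.set_ciphers(MODERN_CIPHERS)
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Insecure settings sometimes left over from testing, for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for settings that contradict the guidance above."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    legacy = [c["name"] for c in ctx.get_ciphers()
              if not any(m in c["name"] for m in AEAD_MARKERS)]
    if legacy:
        findings.append("non-AEAD ciphers enabled: " + ", ".join(legacy[:3]))
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit_context(ctx) or "no findings")
```

Pass the hardened context to the HTTP client in use, for example `urllib.request.urlopen(url, context=ctx)`, so that every request inherits the same protocol floor, certificate validation and cipher policy.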
