Table of Contents

• Title and Copyright Information
• Preface
  • Documentation accessibility
  • Diversity and Inclusion
  • Related resources
  • Access to Oracle Support
• 1 Security Guide
  • Introduction
  • General Security Principles
    • Restrict Network Access to Critical Services
    • Monitor System Activity
    • Set Up a Change Management Process
    • Change Passwords Periodically
    • Keep Passwords Private and Secure
    • Use Profiles
    • Lock Computers to Protect Data
    • Close All Open Ports Not in Use
    • Secure the Environment
    • Provide Only the Necessary Rights to Perform an Operation
  • Secure Installation and Configuration
    • Install Critical Patch Updates (CPUs) and Critical Patch Set
    • Use SSL (HTTPS) Between Browser and Web Server
    • Signed Certificates for HTTPS
    • Disable Unused Services
    • Replace Verbose Errors with Custom Messages
    • Secure the WebLogic Server
    • Provide Security for Session-Tracking Cookies
    • Provide Security for Cross-Frame Scripting
    • Configure Strong Passwords on the Database
    • Hide Oracle Forms Version Numbers
    • Secure the Reports Server
  • Application Security Features
    • Secure the Reports Server
    • TMS Security
      • Use Data Access Groups to Restrict Access to the Application
      • Enforce Password Security
      • Database Roles and Menu-Based Security