1. Secure Development Guide
  2. About this guide
  3. Addressing the Top Security Risks for Oracle Life Sciences IAMS APIs
  4. Broken Authentication

Broken Authentication

Risks associated with broken authentication and session management are often due to these functions not being implemented properly. As previously stated, custom authentication mechanisms should not be implemented. They have not been implemented for the Oracle Life Sciences IAMS Inbound User Provisioning Service API, which uses a BASIC authentication mechanism. The session is created on request and destroyed at the end of the response. Each API request must be accompanied by BASIC authentication headers to prevent session hijacking.

Parent topic: Addressing the Top Security Risks for Oracle Life Sciences IAMS APIs