This chapter describes the services available for securing search-related services against SQL injection in Oracle WebCenter Content.
This chapter covers the following topics:
This security component is enabled by default and can be invoked by an Admin user in Oracle WebCenter Content.
The location of each Security service is listed in the description of that service.
The following services can be used when the Security component is enabled in Oracle WebCenter Content:
This service gets the current security configuration that is set in the WebCenter Content application.
Location: IdcHomeDir/components/OracleAdvancedSecurityConfig/resources/securityconfig_service.idoc
ResultSets:
CoreQueryTextSecurityConfig: Information about the Core QueryText Security Configuration.
dName: Name of the field.
dValue: Value of the field.
This service allows the Admin user to update the security configuration.
Location: IdcHomeDir/components/OracleAdvancedSecurityConfig/resources/securityconfig_service.idoc
Additional Required Service Parameters
IsCoreQueryTextSecurityEdit: Set this flag to true in binder local data for each service request that updates the Core Security Configuration section. If it is not set, no update is made to the Core Security Configuration section.
CORE_QUERYTEXT_SECURITY_ENABLED: Enables or disables validation of QueryText in the GET_SEARCH_RESULTS service.
CORE_CUSTOM_TABLES: Semicolon-separated (;) list of tables whose columns are allowed in QueryText.
CORE_CUSTOM_FIELDS: Semicolon-separated (;) list of field names that are allowed in QueryText.
IsFfQueryTextSecurityEdit: Set this flag to true in binder local data for each service request that updates the FrameworkFolders Security Configuration section. If it is not set, no update is made to the FrameworkFolders Security Configuration section.
FF_QUERYTEXT_SECURITY_ENABLED: Enables or disables validation of QueryText in FrameworkFolders.
FF_CUSTOM_TABLES: Semicolon-separated (;) list of tables whose columns are allowed in QueryText.
FF_CUSTOM_FIELDS: Semicolon-separated (;) list of field names that are allowed in QueryText.
ResultSets:
CoreQueryTextSecurityConfig: Information about the Core QueryText Security Configuration.
dName: Name of the field.
dValue: Value of the field.
FolderQueryTextSecurityconfig: Information about the FrameworkFolders QueryText Security Configuration.
dName: Name of the field.
dValue: Value of the field.
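The following is an added example, not Oracle's code: a small Python helper that assembles the binder local data for the update service described above, always pairing a section's fields with its edit flag and rejecting names that are not plain identifiers. The service name placeholder, the "true"/"false" value format, the identifier rule, and the sample table and field names in the test are assumptions, not taken from this page.

```python
import re

# Section prefix -> edit flag that must accompany that section's fields
# (taken from the parameter list above).
SECTIONS = {"CORE": "IsCoreQueryTextSecurityEdit", "FF": "IsFfQueryTextSecurityEdit"}

# Assumption: table and field names are plain identifiers. Anything else is
# rejected so a name cannot carry a ';' separator or SQL metacharacters.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def _join(names):
    """Validate each name, drop duplicates, and join with the ';' separator."""
    cleaned = []
    for name in names:
        name = name.strip()
        if not NAME_RE.match(name):
            raise ValueError(f"not a plain identifier: {name!r}")
        if name not in cleaned:
            cleaned.append(name)
    return ";".join(cleaned)


def build_update_params(section, enabled, tables=(), fields=()):
    """Return binder local data for updating one section ('CORE' or 'FF')."""
    if section not in SECTIONS:
        raise ValueError(f"unknown section: {section!r}")
    params = {
        # Placeholder: the update service's name is not given on this page.
        "IdcService": "<UPDATE_SERVICE_NAME>",
        # Without this flag the section's fields are not applied.
        SECTIONS[section]: "true",
        # Assumption: booleans are sent as the strings "true"/"false".
        f"{section}_QUERYTEXT_SECURITY_ENABLED": "true" if enabled else "false",
    }
    if tables:
        params[f"{section}_CUSTOM_TABLES"] = _join(tables)
    if fields:
        params[f"{section}_CUSTOM_FIELDS"] = _join(fields)
    return params


def missing_edit_flags(params):
    """List edit flags that are not 'true' although their section's fields are present."""
    return [
        flag for prefix, flag in SECTIONS.items()
        if any(k.startswith(prefix + "_") for k in params)
        and str(params.get(flag, "")).lower() != "true"
    ]
```

Running `missing_edit_flags` over a hand-built request before sending it catches the case where the section fields are present but the edit flag is not, which would leave the stored configuration unchanged.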