3.3.2 Configuring Security

Instance administrators can configure instance security, including service-level security, configuring support for Real Application Security, configuring session time out, preventing browser attacks by isolating workspaces, excluding domains from regions and Web services, configuring authentication controls, creating strong password policies, and managing authorized URLs.

Note:

To ensure the security and performance of your development environment, this functionality is not available in Application Express instances running in Oracle Cloud.

• Configuring Service-level Security Settings
  Instance administrators can configure service-level security in Manage Instance, Security, Security Settings, Security.
• Configuring HTTP Protocol Attributes
  Determine HTTPS requirements for an Oracle Application Express instance and all related applications.
• Enabling Real Application Security
  Enable Oracle Real Application Security.
• Configuring Session Timeout for an Instance
  Use the Session Timeout attributes for an instance to reduce exposure at the application-level for abandoned computers with an open web browser.
• Isolating All Workspaces in an Instance
  Instance administrators can configure limits to isolate all workspaces and prevent browser attacks. Workspace administrators can override these default values at the workspace-level.
• Defining Excluded Domains for Regions and Web Services
  Define a list of restricted domains for regions of type URL and Web services. If a Web service or region of type URL contains an excluded domain, an error displays informing the user that it is restricted.
• Configuring Authentication Controls for an Instance
  Configure authentication controls for an entire Oracle Application Express instance.
• Creating Strong Password Policies
  Instance administrators can create strong password policies for an Oracle Application Express instance.
• Managing Authorized URLs
  Create and manage a list of authorized URLs.