Setting Design Time Security; Setting Runtime Security - Oracle Application Server 10.1.3.4 User Manual

Adapters for ims/db release 3 (10.1.3.4)

Security Considerations
Credentials: Passwords and usernames exchanged over the network are encrypted using a pre-defined, hardcoded, 128-bit RC4 session key.
Design Time: Security within Oracle Studio to grant access to Oracle Studio itself and to grant access to computers, user profiles and workspaces.
Run time: Security used to access IMS/DB, including controlling the daemon for the access.

Setting Design Time Security

Setting design time security is described in the following sections:
Securing access to Oracle Studio is described in "Setting Password Access to Oracle Studio" on page 2-15.
Securing rights to configure a computer in Oracle Studio is described in "Specifying Users with Administrative Rights" on page 2-16.
Securing access to user profiles is accomplished by right-clicking the relevant user profile in Oracle Studio and selecting Change Master Password. In the dialog box that is displayed, specify a password that must be provided in the future to edit the specific user profile.
Securing access to workspaces is accomplished by right-clicking the relevant workspace in Oracle Studio and selecting Set Authorization. In the dialog box that is displayed, specify a valid user and password that must be provided in the future to edit the specific workspace.

Setting Runtime Security

During run time, security considerations are implemented as follows:
When the client request accesses the legacy platform through the daemon, either anonymous access is allowed or a valid user name and password must be provided for the computer in the user profile. The userName and password properties in the J2CA 1.5 IMS/DB adapter are used at this stage to access the daemon.
Note: The user name used to access the daemon must also be the name of a user profile used.
1. The client's first message to the server includes a pre-defined shared key, including the key name and value in the connection string. The server gets the key value for the key name passed from the client from the native object store (NOS).
2. The server generates a random 128-bit RC4 session key which is returned encrypted to the client, using the shared key. If no predefined shared key is provided, then a predefined, hardcoded key is used (this key is hardcoded on the client and on the server).
3. Passwords are always encrypted when passed over the wire, using an RC4, 128-bit session key, regardless of whether the entire session is encrypted or not.
4. If a predefined shared key was provided, then the entire session is encrypted. Otherwise, only the password exchange is encrypted (using the hardcoded key).
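
The session-key exchange described above can be modelled to show what each mode keeps confidential: with no shared key configured, the session key is wrapped under a value that ships in every installation. This is an added example, not Oracle's code or wire format; the RC4 routine, the `NOS` dictionary, the key name `site_key` and the all-zero `BUILTIN_KEY` placeholder are constructed for illustration.

```python
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (encrypting and decrypting are the same operation)."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                                # keystream XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed stand-ins: the real built-in key and key-store contents are not on the page.
BUILTIN_KEY = bytes(16)                           # same value in every client and server
NOS = {"site_key": os.urandom(16)}                # server-side store: key name -> key value

def login(key_name, password: bytes) -> dict:
    """Return the fields an on-path observer would see for one login."""
    wrap_key = NOS[key_name] if key_name else BUILTIN_KEY   # fallback when no shared key
    session_key = os.urandom(16)                  # random 128-bit session key
    return {
        "key_name": key_name,
        "wrapped_session_key": rc4(wrap_key, session_key),
        "enc_password": rc4(session_key, password),
        "whole_session_encrypted": key_name is not None,
    }

def read_password(capture: dict, wrap_key: bytes) -> bytes:
    """Unwrap the session key with wrap_key, then decrypt the password field."""
    session_key = rc4(wrap_key, capture["wrapped_session_key"])
    return rc4(session_key, capture["enc_password"])

if __name__ == "__main__":
    for name in (None, "site_key"):
        cap = login(name, b"constructed-pw")
        print(name, "readable with built-in key:",
              read_password(cap, BUILTIN_KEY) == b"constructed-pw")
```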
