2
Security Enhancements
Prepared by: Stephen Kost, Integrigy
@integrigy
1 2 3 4 5
Application Web
Security Security
[Figure: architecture diagram. Labels: Client Browser, https, Oracle HTTP Server, Apache, WebLogic, JSP, UIX, BC4J, Oracle, Database, APPS, 11g, 11gR2, 2.0, Forms 10.1.2, BI Publisher 10.1.2]
[Figure: configuration under INST_TOP]
Oracle HTTP Server: performance directives, log configuration, ports, mod_perl, mod_wl_ohs, etc.
E-Business Suite: Concurrent Processing, Profile Options, Developer 10g, Product Specific Settings
[Figure: diagram. Labels: System Administrator, GL Super Users, HR Super Users, Responsibility, Accounting Flexfield, HR Flexfield, FND Value Sets, Flexfield Value Sets]
Flexfield Value Set Security
• Additional Patches Required
• Requires the mandatory Patch 17305947:R12.FND.C
[Figure: Client Browser, https, Apache, WebLogic, Database (APPS)]
• OA Framework (OA.jsp): 11,600 pages
• Core Servlets: 84 servlet classes
• Oracle Forms: 3,300 forms
Allowed JSP Lists
• Explicit list of allowed JSP pages
• Limits access to unused JSP pages for modules not
configured or licensed
• Must be manually enabled
• Enabled by default in 12.2.6
• See the Oracle EBS Security Guide manual for
instructions on usage
include allowed_jsps_FIN.conf
include allowed_jsps_HR.conf
include allowed_jsps_Leasing.conf
include allowed_jsps_Procurement.conf
include allowed_jsps_SCM.conf
include allowed_jsps_CRM.conf
include allowed_jsps_VCP.conf
include allowed_jsps_diag_tests.conf
Default Passwords – Fresh Install
Of 191 database accounts, the only default password is APPLSYSPUB/PUB
Version | Upgrade From | New Database Accounts
12.0.4 IZU
Stephen Kost
Chief Technology Officer
Integrigy Corporation
web: www.integrigy.com
e-mail: info@integrigy.com
blog: integrigy.com/oracle-security-blog
youtube: youtube.com/integrigy