0% found this document useful (0 votes)
7 views

Administering Oracle 11.5.10 Server Security

Uploaded by

Adnaan Adnaan
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
7 views

Administering Oracle 11.5.10 Server Security

Uploaded by

Adnaan Adnaan
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Administering Oracle 11.5.

10 Server Security

Oracle Applications Release 11i is deployed in a multi-tier configuration with one database server and many possible
middle-tier application servers. The application servers include Apache JSP/Servlet, Forms, Discoverer and also some client
programs such as Application Desktop Integrator. Any program which makes a SQL*Net connection to the Oracle
Applications database needs to be trusted at some level. Oracle Applications uses the Server Security feature to ensure that
such SQL*Net connections are coming from trusted machines and/or trusted programs.

The Server Security feature of Application Object Library supports authentication of application server machines and
code modules in order to access the database. When Server Security is activated, application servers are required to supply
server IDs (like passwords) and/or code IDs to access a database server. Server IDs identify the machine from which the
connection is originating. Code IDs identify the module and patch level from which the connection is originating. Code IDs are
included in applications code by development. The database server can be set to allow access only from specific machines
and/or by code at a desired patch level. The application server security feature is not initially activated. You should activate it
by using the commands described in this section. Application Server Security can be OFF or in one of two active states:

• OFF - Server security is not checked. Any application server machine can access the database. Code IDs are also not checked.
Use this option on test systems or if you have full control over the software on all machines which can physically access your
database.

• ON - Some level of trust is required to access the database. Either the application server must be registered with the database
or the code must pass a module and version ID known to be trusted. Use this option only if you wish to maintain compatibility
with application servers that you cannot yet patch to the code level required for best security.

• SECURE - Full trust is required for access to the database. Only registered application server machines may connect to the
database, and only trusted code modules may connect to the database.

You might also like