Oracle Application Server 10g Essentials [Electronic resources] نسخه متنی

4.1 Oracle Application Server Security Objectives

Oracle Application Server is designed to provide both basic and
advanced security services while adhering to security standards.
Oracle Application Server provides the following security services:

Authentication

Verifies
the identity of users and
systems requesting applications, resources, and data (see the
sidebar, "Identity Management").

Authorization

Provides system-level
determination and granting of the proper level of privileges to users
or systems, thus possibly limiting their ability to use applications
or resources or to manipulate data.

Access control

Grants access
to applications, data, and other resources consistent with security
policies based on the authentication of the user, the authorization
she has, and the type of access being requested.

Accountability and intrusion detection

Ensures that activities
contrary to policies are detected and recorded.

Data protection

Protects
data from access by unauthorized users via such mechanisms as
encryption and integrity checks.

In managing Oracle Application Server, your security goal should be
to deploy the product in such a way that it can pass an independent
security assessment. In such a secure deployment, you also need to
consider coding practices, eliminate single points of failure in the
security mechanism, set minimal privileges as a default, and enable
intrusion detection to limit damage from security breaches. Those are
extensive security topics that go well beyond the scope of this
chapter. See the Appendix, however, for additional sources of
security information.