Oracle® Enterprise Manager Policy Reference Manual 10g Release 5 (10.2.0.5) Part Number B16231-02
This chapter provides the following information for the Oracle Application Server Containers for J2EE (OC4J) policy:
- Brief description of the policy
- Summary of the policy's main properties
- Default values for the policy: parameters with their default values and objects excluded by default
- Impact of the policy violation
- Action to perform when the violation occurs
The OC4J policies are categorized as follows:
The configuration policies for the OC4J target are:
This policy checks that all the software libraries are shared among all the Oracle Management servers.
The following table lists the policy's main properties.
Severity | Category | Target Type | Versions Affected | Policy Rule Evaluation (Footnote 1) | Automatically Enabled? | Alert Message |
---|---|---|---|---|---|---|
Warning | Configuration | OC4J | Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x | The underlying metric has a collection frequency of once every 24 hours. | Yes | Not Available. |
Footnote 1: The policy rule is evaluated each time its underlying metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
None
Not available
Not available.
The security policies for the OC4J target are:
This policy verifies that password indirection is used in OC4J XML configuration and deployment files.
The following table lists the policy's main properties.
Severity | Category | Target Type | Versions Affected | Policy Rule Evaluation (Footnote 1) | Automatically Enabled? | Alert Message |
---|---|---|---|---|---|---|
Critical | Security | OC4J | Oracle Application Server 9.0.4.x and Oracle Application Server 10.1.2.x | The underlying metric has a collection frequency of once every 24 hours. | Yes | Password indirection is not used in configuration file %FILE_NAME%. |
Footnote 1: The policy rule is evaluated each time its underlying Password_Indirection metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
None
Embedding these passwords into deployment and configuration files poses a security risk, especially if the permissions on the files allow them to be read by any user.
To avoid this problem, OC4J provides password indirection and password obfuscation.
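A check in the spirit of this policy, added here as an example (it is not Oracle's Password_Indirection metric code): it scans an OC4J-style XML file for password attributes whose value is not an indirection, and reports them without echoing the secret. It assumes OC4J's `->` prefix marks an indirect password; the sample XML, the function names and the finding format are constructed for illustration.

```python
import xml.etree.ElementTree as ET

INDIRECTION_PREFIX = "->"  # assumption: OC4J marks an indirect password with this prefix

# Constructed sample resembling an OC4J data-sources.xml; not taken from the manual.
SAMPLE_DATA_SOURCES = """\
<data-sources>
  <data-source name="OrdersDS" username="orders" password="->orders_db"
               url="jdbc:oracle:thin:@//db.example.invalid:1521/ORCL"/>
  <data-source name="LegacyDS" username="legacy" password="Summer2009"
               url="jdbc:oracle:thin:@//db.example.invalid:1521/ORCL"/>
  <data-source name="EmptyDS" username="anon" password=""
               url="jdbc:oracle:thin:@//db.example.invalid:1521/ORCL"/>
</data-sources>
"""

def find_embedded_passwords(xml_text, file_name="<inline>"):
    """Return one finding per password attribute that is not an indirection.

    The password value is never copied into the finding, so the report
    can be logged or mailed without leaking the secret.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            if "password" not in attr.lower():
                continue
            value = value.strip()
            if not value or value.startswith(INDIRECTION_PREFIX):
                continue  # nothing embedded, or already indirect
            findings.append({
                "file": file_name,
                "element": elem.tag,
                "name": elem.get("name", ""),
                "attribute": attr,
            })
    return findings

def alert_messages(findings):
    """Format findings like the policy's alert message, one line per file."""
    files = sorted({f["file"] for f in findings})
    return ["Password indirection is not used in configuration file %s." % f
            for f in files]

if __name__ == "__main__":
    hits = find_embedded_passwords(SAMPLE_DATA_SOURCES, "data-sources.xml")
    for hit in hits:
        print(hit)
    print("\n".join(alert_messages(hits)))
```

Because the policy is about indirection specifically, this check also flags obfuscated values; pair it with a file-permission review, since the stated risk is greatest when the files are readable by any user.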