Configuring Oracle Traffic Director 12c with WebGate

At a recent customer install, I was faced with configuring Oracle Traffic Director (OTD) 12.2.1.2.0 Webgate with Oracle Access Manager.

Deploying Webgate on OD 12c is very well described in the documentation. See A Configuring OAM Agent (WebGate) for Oracle Traffic Director 12.2.1.2

There is however a flaw in the documentation. I came across that when I reached the point where Webgate get’s configured in the conf files (more...)

Update WordPress Installations to >4.7.2

This post is applicable for hosted wordpress installations where auto-updates are disabled. Yesterday, I noticed there was blog post "Hacked by Unknown" on Askdba blog. Post was written by White Hat Hacker who exploited the Content injection vulnerability in 4.7.0 and 4.7.1. This vulnerability allows any visitor (unauthorized user) to assume role to edit/create blog…

Oracle SOA Suite: Two-way SSL with TLS1.2 made easy (slightly less complicated)

Transport layer security (TLS) is not an easy topic. Many blogs have been written about this already. Surprisingly though, I did not find a single blog which was more or less complete and provided me with everything I needed to know to get this working on SOA Suite 12.2.1. In this blog I try to make the topic more easy to understand and provide a complete end to end example.

Suppose you only (more...)

ADF BC Groovy Expression Security Policy Configuration

Today I'm going to explain how to configure Groovy expression security policy. This could be helpful, if you dont want to change trustMode property to trusted everywhere across the app, but looking for single configuration point.

My sample app - GroovyPermissionApp.zip, contains bind variable with expression reference pointing towards custom method located in AM implementation class:


JDEV 12.2.1.2 returns compilation error for Groovy expression, can't resolve applicationModule property:


Such kind (more...)

A performance deep dive into column encryption

Actually, this is a follow up post from my performance deep dive into tablespace encryption. After having investigated how tablespace encryption works, this blogpost is looking at the other encryption option, column encryption. A conclusion that can be shared upfront is that despite they basically perform the same function, the implementation and performance consequences are quite different.

Column encryption gives you the ability to choose to encrypt per individual column, that’s kind of obvious. However, (more...)

Enable HyperFIDO U2F Key on Linux

Recently, I bought the Hypersecu HyperFIDO K5 Key to help me secure access to several websites and services with U2F (“Universal Two-Factor Authorization”). This works fine on Windows, but with Linux things get a little complicated: The key isn’t accessible to all users by default. This has to be activated using udev rules, which is widely […]

Oracle database 12.1.0.2.170117 (januari 2017 PSU) and TDE wallets

Recently, I was trying to setup TDE. Doing that I found out the Oracle provided documentation isn’t overly clear, and there is a way to do it in pre-Oracle 12, which is done using ‘alter system’ commands, and a new-ish way to do it in Oracle 12, using ‘administer key management’ commands. I am using version 12.1.0.2.170117, so decided to use the ‘administer key management’ commands. This blogpost is about an (more...)

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 3

In my previous post, I covered the installation of SQL Server 2016 SP1 for our Hyper-V environment. After that is completed, we are ready to install SharePoint Server 2016. That’s what I’ll be covering here. Firstly, you need to download a copy of the software. At the time of writing this post, SharePoint Server 2016 is available from Microsoft. That’s the version I’ve downloaded for installation on the VM.

Installing the Prerequisites

To start the (more...)

Linux: keyring-password for wlan needed / legitimate wlan login

Each time i resume my notebook after a suspend to disk-cycle the connection to WLAN hangs with the following message:

 (Die Systemrichtlinien verhinder das Bearbeiten von Netzwerkeinstellungen für alle Benutzer / Enter password for default keyring to unlock)
I tried to fix this via network-manager with adding the hook at the checkbox "Alle Benutzer dürfen dieses Netzwerk verwenden", but this did not help at all.
The point is, that after resuming my login keyring wants (more...)

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 2

In the previous post in this series, I created the Hyper-V VM environment (running Windows Server 2012 R2) I’ll be using to build SharePoint Server 2016 on. The next step is to install either SQL Server 2014 or SQL Server 2016 for the database server requirements. Because I’m a geeky sort of guy and have to be on the bleeding edge, I’m going to use SQL Server 2016 with SP1, which is available from Microsoft (more...)

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 1

One of the areas I’ve been investigating as a technical architect at www.archtis.com is using the Cyberinc Entitlements Server (CES) to provide attribute based access control (ABAC) access to documents stored in SharePoint. It’s an area we haven’t tested at all before, so it was important to build a prototype environment to satisfy ourselves that it really does work the way we want it to. At the time of writing this post, CES (more...)

Oracle DBSAT first experience

dbsat_chart

Last year in October Oracle released the Oracle Database Security Assessment Tool (DBSAT) to analyzes database configurations and security policies to improve the security in your environment.

Real benefits

  • quickly identify security configuration errors in the database environment
  • lauch Security best practices
  • increase the security level of your Oracle Databases
  • reduce the attack and exposure risk

What does DBSAT check

  • User Accounts, Privileges and Roles
  • Authorization Control
  • Data Encryption
  • Fine-grained Access Control
  • Auditing Policies
  • Database (more...)

Who Decommissioned My Enterprise Manager Agent?

I prefer to write blog posts about the interesting questions on OTN. This blog post is one of them. There are usually more than one EM admins managing the systems, and you may want to track other users’ activity. Enterprise Manager Cloud Control provides auditing mechanism called “comprehensive auditing”. It’s not enabled by default for all actions because it may consume a lot of disk space.

If you want to enable it for all actions, (more...)

Escape Special Characters APEX Demo

A few weeks ago I wrote more detail than expected regarding escaping of special characters.

I thought I'd add a simple demonstration, for reference.

Consider the following query, with variations of escaped column output.
with data as 
(select q'[G'day,]'||chr(10)
||'Scott<strong>loves</strong>'
||'<br>APEX<script></script>' as string
from dual)
select
-- UI default
string dflt
-- where no tags expected
,apex_escape.html(string) protected
-- good for most things
,apex_escape.html_whitelist(string) whitelisted
-- replace line feeds with HTML line break. (more...)

Re-evaluating APEX Authorization Schemes

Authorization schemes in Oracle APEX are used to control access to page, buttons, and all sorts of other components.

In my experience, these are best defined at a privilege level, where the same privilege could be allocated to multiple business roles, but that's for another post.

In this post, I want to mention a cool API function called apex_authorization.reset_cache, which helps control the behaviour of these authorization schemes.

Preface

While googling something else (more...)

Trusted Information Sharing – ABAC Architecture

In my previous post, I introduced you to the two concepts of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). ABAC resolves a number of the limitations associated with RBAC, as I discussed in that post. In this post, I wanted to drill into the architecture underlying ABAC a little bit more.

In simple terms, there are four main parts of the ABAC architecture. These are:

  • The Policy Decision Point (PDP) – this (more...)

APEX attributes for Escaping Special Characters

A relatively common on the forums is regarding the escaping of special characters in reports, but it seems the developer isn’t always sure what is actually happening and how to how to search for it.

It seems I’ve had this on my “to blog” list since April 2015, but now that 5.1 has been released, it seems more people are coming out to leave 4.x can’t work out where the Standard Report (more…)

Trusted Information Sharing – Some Underlying Concepts

In a recent post, I explained a little bit about what my new role at archTIS is. archTIS is a company that focuses on the area of Trusted Information Sharing. Trusted Information Sharing is a concept that not too many people would understand the complexities of. In fact, when I first started in my new role I wasn’t aware of just how complex it was myself! To explain all that complexity in a single (more...)

Password validation takes a while, how cool is that!!

You log in to your favorite web app and it takes a little while to get your login validated, or your password consumed, depending on your take on things,
or
You log in to your favorite APEX application, and after every 3rd shot, it takes a bit longer to retry

You are sure what you are doing and you are surely not drunk, but just mistyped the ****-password.

It is annoying, but is it?

I (more...)

WS Security – enabling passwordDigest authentication in an Oracle FMW environment

Objective:
To have a basic level of authentication on web services (especially where there's no transport layer security) without having to pass clear text passwords in the WS Security headers. 

Background:
The concepts are fairly generic but this post is highly Oracle Fusion middleware specific. There can be complex decision tree (see [1]) involved when selecting the 'appropriate' level of security for any system. As security involves trade-offs between cost, performance, usability (more...)