Posts tagged security

WebLogic 11g: Override Production enabled Security

When you configure your domain in WebLogic 11g, whether through the installer screens or by script, choosing Production Mode makes security stricter than in Development Mode.

Normally you would then have to create a boot.properties file afterwards in order to start the server; all in all, a number of unnecessary steps.

In a scripted install with WLST, here is a way to override it… watch wondrous Python!

First, define a helper function in your script:

    import os

    def createBootPropertiesFile(domain_dir, username, password):
        # Directory where the Admin Server looks for boot.properties
        security_dir = domain_dir + "/servers/" + "AdminServer" + "/security"
        if not os.path.exists(security_dir):
            os.makedirs(security_dir)
            filename = security_dir + "/boot.properties"
            f = open(filename, 'w')
            # The credentials are written to the file in clear text
            f.write('username=' + username + '\n')
            f.write('password=' + password + '\n')
            f.close()
        else:
            # Nothing is written when the security directory already exists
            print security_dir + ' exists'

Then, finally, include the following around your writeDomain statement:

    # The enclosing condition is not shown in the original post;
    # 'write_domain' is an assumed flag name used here as a placeholder.
    if properties.write_domain:
        writeDomain(properties.domain_dir)
        if properties.production_mode_enabled:
            createBootPropertiesFile(properties.domain_dir, 'weblogic', properties.weblogic_password)
    else:
        print 'Dry run completed, if you still have an interactive session (started with wlst -i), ' + \
              'run: writeDomain(\'' + properties.domain_dir + '\') to write the domain to disk'
        if properties.production_mode_enabled:
            # Note: this hint echoes the admin password to the console
            print 'and createBootPropertiesFile(\'' + properties.domain_dir + '\',\'weblogic\',' + '\'' + properties.weblogic_password + '\')'
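The function above leaves the admin credentials in clear text until the server's first start, when WebLogic rewrites boot.properties with encrypted values. The following check is an added example, not code from the original post: it is stand-alone Python 3 (not WLST) that reports boot.properties files which are still in clear text or readable by group/other. The sample domain, server names and values are constructed for the demonstration.

```python
import glob
import os
import stat
import tempfile

ENCRYPTED_PREFIXES = ("{AES}", "{3DES}")  # prefixes WebLogic puts on encrypted values

def audit_boot_properties(path):
    """Return a list of findings for a single boot.properties file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %03o grants group/other access" % mode)
    with open(path) as handle:
        for raw in handle:
            line = raw.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = [part.strip() for part in line.split("=", 1)]
            if key in ("username", "password") and not value.startswith(ENCRYPTED_PREFIXES):
                findings.append("%s is stored in clear text" % key)
    return findings

def audit_domain(domain_dir):
    """Map each server name to the findings for its boot.properties."""
    pattern = os.path.join(domain_dir, "servers", "*", "security", "boot.properties")
    return {p.split(os.sep)[-3]: audit_boot_properties(p) for p in sorted(glob.glob(pattern))}

def build_sample_domain():
    """Constructed sample: one freshly scripted server, one already booted."""
    domain_dir = tempfile.mkdtemp(prefix="sample_domain_")
    samples = {
        "AdminServer": ("username=weblogic\npassword=example-only\n", 0o644),
        "ManagedServer1": ("username={AES}c2FtcGxl\npassword={AES}ZHVtbXk\\=\n", 0o600),
    }
    for server, (content, mode) in samples.items():
        security_dir = os.path.join(domain_dir, "servers", server, "security")
        os.makedirs(security_dir)
        path = os.path.join(security_dir, "boot.properties")
        with open(path, "w") as handle:
            handle.write(content)
        os.chmod(path, mode)
    return domain_dir

if __name__ == "__main__":
    for server, findings in audit_domain(build_sample_domain()).items():
        print(server, findings or "ok")
```

Run it against a real domain by passing the domain directory to audit_domain(); an empty list for a server means its file is encrypted and restricted to the owner.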

AMIS Query: A (hacking :) event with Oracle ACE Director Pete Finnigan

As announced in an earlier blog post, AMIS, in cooperation with Miracle Benelux Masterclass trainings, has the opportunity to organize an AMIS Query just before the two-day Masterclass in Utrecht by Oracle ACE Director and Oracle security expert Pete Finnigan from England. Securing your data, and keeping the focus on it, is often neglected. Everyone is probably aware that data loss through security holes in, for example, architecture, application code or underlying supporting software is a sensitive issue in the organization. Security thinking, however, also has an impact on design and performance.

Pete Finnigan will lift a corner of the veil on this security thinking with us on May 25th.

Here is the agenda for the evening:

  • From 17:30/18:00 everyone is welcome for dinner.
  • From 19:00 Pete Finnigan will cover the following in his presentation and demos, “Oracle Database Security – (The True State?)”:
      • Focus on database security work
      • Some realistic “hacking” demos / scenarios
      • Discussion of the hacking demos shown
      • The correct way to secure data
  • Around 21:00 the evening closes

There are still places available, but do register in time via this page (Event Registration Form – Dutch) for this AMIS Query on May 25th with Pete Finnigan.

If you would still like to register for the two-day Masterclass by Pete Finnigan, you can do so via the following page:

ADF: simple EL expression to a method with params on a bean

Based upon an old blogpost of Lucas "How to call methods from EL expressions- pre JSP 2.0 trick for JSPs with JSTL" I've created an ADF SecurityBean, so you can write EL expressions like "#{securitybean.isUserInRole['KING,ADMIN']}".

The idea is pretty simple. Use an inner class that implements the getObject method of the map interface with your specific argument method, and in your bean return an instance of this inner class from a method with a readable and sensible name.

(the blog of Lucas explains why to use a class with a map interface).


Oracle Database Vault: The ultimate protection for your application data.

Some time ago, I discussed security in Oracle databases with a customer and explained the role structure in the Oracle database. I explained to him that ultimately it’s the DBA who assigns roles and privileges to the users of an application and it’s the DBA who is the almighty, most powerful user with almost unlimited access to data and abilities to modify a database. With all this security in place, who’s going to prevent the DBA from using his powers in a malevolent way, was my customer’s question? To be honest, until that moment I’d never given that possibility a thought. I’d always seen DBAs as hardworking, loyal and honest people who watch over their applications as a mother over her child. But obviously my customer was right about who’s going to check the DBA. This can’t be done by introducing another super-super user, because who’s going to check him?