Friday, June 27, 2008

Oracle Security Issue - DMZ

We come across a issue in our External Tier (which was outside Firewall) related to security. We were able to view some of the statis pages via playing around with external tier URL. Which is a serious security threat to our environment. After Looking at parameters in url_fw.conf and metalink we came across to following Profile values:
FND Function Validation Level
FND Validation Level
Framework Validation Level
There default value is "error", as per metalink note: 390203.1 we must not change them. Althought we were running on 11.5.9, but ATG patchset 4, that's why we have these values in our system and that saves us.

Happy Troubleshooting !!!

No comments: