I am pleased to announce the availability of the Allowed Resources security feature for Oracle E-Business Suite 12.1.3. The Allowed Resources feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.
What protection is provided with Allowed Resources?
Oracle E-Business Suite is delivered with JavaServer Pages (JSPs) and servlets. Most customers use only a subset of these provided resources. The Allowed Resources feature allows you to reduce your attack surface by disabling resources that are not used in your environment. You can allow or deny resources at the family, product, or resource level.
The Allowed Resources feature allows you to define a whitelist of allowed resources for your Oracle E-Business Suite 12.1.3 environment. When enabled, accessing resources that are not configured in your whitelist is not allowed.
With Oracle E-Business Suite Release 12.1.3, you may use one of the following Allowed Resources user interfaces in order to configure the feature:
Your users will see an error message if access to a resource is blocked by the Allowed Resources feature.
Refer to the documentation for more information on how to to deploy and configure the Allowed Resources feature.
Where can I learn more?