New security methods introduced
By Acshorten-Oracle on Feb 09, 2009
Over the next few releases you will see a trend in introducing additional security functionality in the product set. While we had good security facilities the markets demand more sophisticated and flexible security systems.
Typically in the Oracle Utilities Application Framework we used the industry standard JSR session cookie as a record of credentials for the session. This was an in memory only cookie and is used widely across a lot of infrastructure as a standard.
We recently introduced an alternative security method that replaces the session cookie with a method recognized by the industry as being more flexible and more secure.
More details of the method and the fix to install are contained in the following patches:
- Patch 7706399 for OUAF V2.2 based applications
- Patch 7423025 for OUAF V2.1 based applications
Note: Installing these fixes will not alter the external runtime behavior of the product but will affect the internals of the transmission of data between the browser and server.