10g (9.0.4)
Part Number B10689-01
 Contents |
 Index |
| Oracle Content Management SDK Installation Guide 10g (9.0.4) Part Number B10689-01 |
|
Oracle Content Management SDK (Oracle CM SDK) runs in conjunction with Oracle Application Server and Oracle9i Database Server. Written entirely in Java, Oracle CM SDK is an extensible content management system with file server convenience.
This chapter contains the following topics:
Oracle Content Management SDK (Oracle CM SDK) is a robust development platform for building content management applications. It provides a set of Java APIs for versioning, check-in/check-out, security, searching, extensible metadata and other standard content management operations. Oracle CM SDK provides:
These features and capabilities are designed to help developers bring enterprise-scalable content management-based applications to market faster and better than with any other platform.
Prior to version 9.0.3, Oracle CM SDK was known as Oracle Internet File System (Oracle9iFS).
Oracle Content Management SDK provides a Java API that developers can use to customize or extend the product's core functionality in numerous ways to build comprehensive content-management and collaboration systems. This Oracle Content Management SDK Installation and Configuration Guide provides instructions for installing and configuring Oracle CM SDK.
Before installing Oracle CM SDK, be sure to read Chapter 1, Concepts in the Oracle Content Management SDK Administrator's Guide to become familiar with Oracle CM SDK domain and node processes, credential managers, and integration with Oracle Application Server, including components such as Oracle Internet Directory and Web-based administration.
Installing, configuring, and maintaining Oracle CM SDK requires basic database administration expertise. Before you attempt to install or upgrade Oracle CM SDK, review the steps in this section.
Evaluate your hardware resources and choose an appropriate deployment path:
For information on deployment options, see Appendix A, "Planning Your Oracle CM SDK Deployment".
Verify that all computers meet the requirements listed in the following sections in Chapter 2, "Requirements":
You must know (or create) numerous administrative user accounts and passwords when you install and configure Oracle CM SDK and related components. You can use the "User Account and Password Summary Tables" in Appendix C to keep track of the various schema, user account names, and passwords required during the installation process. However, if you write down any system settings, keep the information in a secure place or destroy it after successful configuration.
If you are using Oracle Internet Directory (OID) for credential management, user names cannot contain multi-byte characters. Passwords must be at least five characters long, must include at least one numeric character, and must use ASCII characters only. No restrictions apply to user names and passwords if you are using Oracle CM SDK credential management.
Before installing Oracle CM SDK into an existing database, shut down the database cleanly and perform a full backup so that you can recover, if any errors occur.
If you use SHUTDOWN IMMEDIATE or SHUTDOWN ABORT to force users off the system, Oracle recommends that you restart the database in restricted mode, and then shut it down with normal priority before performing the backup.
The defined behavior of some industry-standard protocols is inherently insecure. Oracle has no control over the defined behavior of these protocols; these security issues do not represent defects in Oracle software.
If you use Oracle Internet Directory, you should use an Oracle CM SDK-specific password (rather than the Oracle Internet Directory password) to authenticate users of some protocol servers. As mentioned above, some protocols send unencrypted passwords, which means that if one of these passwords is intercepted, it could provide access to all systems controlled by Oracle Internet Directory for that user. Using the Oracle CM SDK-specific password ensures that even if a password is intercepted, the OID password is not compromised.
See the Oracle Content Management SDK Administrator's Guide for more information about Oracle CM SDK-specific passwords.
File Transfer Protocol (FTP) and AppleTalk Filing Protocol (AFP) send unencrypted user passwords across the network. If you are unwilling to accept this behavior, you should disable these protocols.
If you are using Oracle Internet Directory, you can configure Oracle CM SDK to require Oracle CM SDK-specific passwords for these protocols to avoid compromising users' OID passwords.
By default, the Internet Message Access Protocol (IMAP) sends unencrypted user passwords across the network. If you are unwilling to accept this behavior, you should disable IMAP, or configure it to use Secure Sockets Layer (SSL). Alternatively, if you are using Oracle Internet Directory, you can configure Oracle CM SDK to require Oracle CM SDK-specific passwords for IMAP users to avoid compromising users' OID passwords.
The Command-line Utilities protocol (CUP) sends unencrypted user passwords across the network. Oracle provides CUP as a development tool; it is not meant for use in a production environment. If you are unwilling to accept this behavior, you should disable this protocol.
If you are using Oracle Internet Directory, you can configure Oracle CM SDK to require Oracle CM SDK-specific passwords for CUP users to avoid compromising users' OID passwords.
The HTTP/DAV protocol allows both basic (unencrypted) and digest (encrypted) authentication. Oracle CM SDK disables basic authentication by default, but administrators can enable it if they choose. If basic authentication is enabled, unencrypted user passwords are sent across the network, unless HTTP/DAV is configured to use SSL. Whether HTTP/DAV uses SSL depends on the configuration of Apache; this configuration is separate from and outside the scope of Oracle CM SDK configuration. If you are concerned about HTTP/DAV basic authentication, you should either disable basic authentication, or configure Apache to use SSL.
AFP, CUP, FTP, HTTP/DAV, IMAP, NFS, and SMB/NTFS protocols do not encrypt the network channel by default. This means that files transferred using these protocols are susceptible to interception. If you are unwilling to accept this behavior, you should disable these protocols, or configure them to use SSL (Apache/HTTP/DAV and IMAP only).
To perform Oracle CM SDK administration tasks using Oracle CM SDK Manager or the Application Server ControlFoot 1, administrators authenticate using an HTML form. Unless Apache and Oracle Enterprise Manager are configured for SSL, unencrypted passwords are transmitted over the network.
By default, JDBC does not encrypt network connections between Oracle CM SDK and the Oracle9i Database Server. Sites can optionally use Oracle Advanced Security to encrypt these connections.
If you use Oracle Internet Directory to authenticate users, you can choose whether to use SSL to connect to Oracle Internet Directory. If you do not choose to use SSL, unencrypted passwords can be sent over network connections between Oracle CM SDK processes and Oracle Internet Directory.
Oracle FileSync, the client file synchronization software, stores a cookie in the client file system. The Oracle FileSync cookie stores an opaque token (in other words, a randomly-generated string) in order to authenticate a particular user. This credential expires by default after ten days. Administrators can change the expiration date or disable the token credential by changing the IFS.SERVER.PROTOCOL.DAV.IfsServer.Auth.TokenCredential.Timeout property. See the Oracle Content Management SDK Administrator's Guide for more information.
1
The Application Server Control was formerly known as the Oracle Enterprise Manager Web site.
|
 Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|
