Chapter - 3 : Secure Installation

Recommended Deployment

OIDG requires several .EAR, .JAR, and config files to be deployed and configured in WebLogic. The WebLogic domain should not be installed as root. The installation files should be placed in a secure location on the file server that can be accessed by WebLogic. Access should be restricted to the user or user group that WebLogic is running under.
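One way to check the file-access recommendation above, as an added example that is not part of the OIDG documentation or tooling. The function names, the finding labels and the sample file names are assumptions made for illustration; pass the staging directory and the account WebLogic runs under.

```shell
#!/bin/sh
# Added example: audit the directory that holds the .ear/.jar/config files.
# audit_install_dir DIR OWNER
#   DIR   - staging directory for the installation files
#   OWNER - account (name or numeric uid) the application server runs under
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad input.
audit_install_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "NOT_A_DIRECTORY $dir"
        return 2
    fi
    findings=$(
        # Any read/write/execute bit for "other" exposes the file beyond the
        # service account and its group. Symlinks are skipped: on Linux their
        # own mode bits are not used for access checks.
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec echo WORLD_ACCESS {} \;
        # A file owned by another account (root included) can have its mode
        # changed by that account, so ownership is checked separately.
        find "$dir" ! -user "$owner" -exec echo WRONG_OWNER {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (hypothetical file names): one tight file, one loose.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    chmod 750 "$tmp"
    : > "$tmp/app.ear";       chmod 640 "$tmp/app.ear"
    : > "$tmp/db.properties"; chmod 644 "$tmp/db.properties"
    audit_install_dir "$tmp" "$(id -u)"
    result=$?
    rm -rf "$tmp"
    return "$result"
}

# Stand-alone use: sh audit.sh /path/to/staging serviceaccount
if [ "$#" -eq 2 ]; then audit_install_dir "$1" "$2"; fi
```

Group access is left alone because the recommendation permits the WebLogic user group; only "other" permissions and foreign ownership are reported.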

As mentioned earlier, the OIDG middle-tier and database should each be kept behind a firewall. The following reference topology shows how the OIDG infrastructure should be deployed.

Figure 3.1 - Reference topology on how the OIDG infrastructure should be deployed

Secure Installation of Web Application

Secure all entry points; for example, make sure that SSL/TLS is used between clients and the load balancer / DMZ.

Installing Database Schemas

The user created for the database schema should be given only minimal permissions. The OIDG database user needs to be the owner of the schema and does not require any additional permissions. The database owner should not be used by the web application to connect to the database. A separate database user should be created for the web application to connect to the database.

Please consult the OIDG Installation Guide and Oracle database documentation for more details.