Maintaining Security with Oracle BI Discoverer 13-25 1. Define a PLSQL function in the database that: ■ has a return type of integer ■ does not take any arguments 2. Add the required code to manipulate the GUID or Oracle Single Sign-On user name. Tip : To return the GUID or Oracle Single Sign-On user name passed by Discoverer, query the CLIENT_IDENTIFIER attribute of the USERENV application context namespace using the following function call: SYS_CONTEXTUSERENV, CLIENT_IDENTIFIER 3. Register the function with Discoverer Administrator and give it the following properties: ■ Name: eul_triggerpost_login ■ Return type: Integer ■ Arguments: none For more information about registering PLSQL functions and using Discoverer EUL triggers, see the Oracle Fusion Middleware Administrators Guide for Oracle Business Intelligence Discoverer. 4. If the DatabaseEnableTriggers preference exists in the pref.txt file, set it to a value other than zero. Notes ■ If the DatabaseEnableTriggers preference does not exist in the pref.txt file, do not create it. ■ If the DatabaseEnableTriggers preference does exist and you must change its value that is, to make it nonzero, you must subsequently: 1. Run the applypreferences script to apply the preference change. 2. Stop and restart the Oracle BI Discoverer service for the change to take effect.

13.10 Frequently asked questions about security

This section contains common security questions and answers. 13.10.1 What is a firewall? A firewall is one system or a group of several systems put in place to enforce a security policy between the Internet and an organizations network. In other words, a firewall is an electronic ‘fence’ around a network to protect it from unauthorized access. 13-26 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer Figure 13–3 A typical Internet connection with a Client-side and Server-side firewall Typically, an organization using a Web Server machine that communicates across the Internet has a firewall between its Oracle HTTP Server machine and the Internet. This is known as a Server-side firewall. Other organizations or remote parts of the same organization connecting to this Web Server machine typically have their own firewall, known as a Client-side firewall. Information that conforms to the organizations firewall policy is allowed to pass through the firewalls enabling server machines and client machines to communicate. 13.10.2 What is a demilitarized zone DMZ? A demilitarized zone DMZ is a firewall configuration that provides an additional level of security. In this configuration, the DMZ is an extra network placed between a protected network and the Internet. Resources residing within the DMZ are visible on the public Internet, but are secure. DMZs typically hold servers that host a companys public Web site, File Transfer Protocol FTP site, and Simple Mail Transfer Protocol SMTP server. Figure 13–4 A Demilitarized Zone DMZ Firewall policies vary across organization and there are a wide variety of bespoke and off-the-shelf firewall packages in use. A good firewall configuration assumes that resources in the DMZ will be breached, and if this happens, the firewall should minimize damage to the internal network and any sensitive data residing on the network. This involves two steps: ■ Move sensitive private resources at a minimum, databases and application logic from the DMZ to the internal network behind the internal firewall ■ Restrict access to sensitive private resources from the DMZ itself, and from internal networks Maintaining Security with Oracle BI Discoverer 13-27 13.10.3 What is HTTPS and why should I use it?