My Oracle Support Banner

Since UCM Applets are Stored on the Filesystem as Zip files, Can they be Decompiled so that Database Connectivity Information Can be Found? (Doc ID 1252825.1)

Last updated on MAY 22, 2020

Applies to:

Oracle WebCenter Content - Version 10.0 and later
Information in this document applies to any platform.

Goal

Admin Applets in UCM allow administrative users to perform actions such as manage users, grant access privileges and website access. The applets leverage back end connectivity to the database to retrieve and update information in the database to perform these functions. During testing it was found that these applets are stored as zipped files on the file system, and that they are retrieved by UCM every time they are accessed by the administrator. The applets can be downloaded and decompiled using a publicly available JAVA de-compiler to retrieve the source code and extract sensitive database connectivity information. Is this correct?


Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.