Since UCM Applets are Stored on the Filesystem as Zip files, Can they be Decompiled so that Database Connectivity Information Can be Found?

(Doc ID 1252825.1)

Last updated on JUNE 24, 2016

Applies to:

Oracle Universal Content Management - Version: 10.1.3.7.0 and later   [Release: 10gR3 and later ]
Information in this document applies to any platform.

Goal

Admin Applets in UCM allow administrative users to perform actions such as manage users, grant access privileges and website access. The applets leverage back end connectivity to the database to retrieve and update information in the database to perform these functions. During testing it was found that these applets are stored as zipped files on the file system, and that they are retrieved by UCM every time they are accessed by the administrator. The applets can be downloaded and decompiled using a publicly available JAVA de-compiler to retrieve the source code and extract sensitive database connectivity information. Is this correct?


Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms