Security Risk - No Logout Button To Terminate User Session
(Doc ID 1297358.1)
Last updated on MARCH 15, 2019
Applies to: Oracle Utilities Framework - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
=== ODM Question ===
A security risk has been observed because the Framework does not support a Logout button, so the user cannot terminate the session.
In CCB, because the application has no logout button, any user can still use the existing application session. That is, closing the browser does not stop another user from using the old session and querying the application.
Support the Logout feature by adding a logout button to the Main Page, and change the login authentication type from ‘BASE’ to ‘FORM’ in web.xml.
By default the logout button is not displayed; when the user sets the property to true, the logout button is displayed in the application.