Alan Belisle

A topic that often comes up in consulting engagements that involve Oracle SOA Suite is migration. Simply put, migration moves a code release – or some of its component – from one environment to another. When it comes to SOA Composite Applications, one approach I have seen consists in leveraging the revision control system, Subversion […]

Before I start, it is important to understand Oracle’s license terms. It is not uncommon to download Oracle products from the Oracle Technology Network (OTN). Here’s an extract from the Oracle Technology Network Free Developer License Terms “You may not cause or permit reverse engineering (unless required by law for interoperability), disassembly or decompilation of […]

2013/05/21 Update: I made a correction to specify that AES uses a cipher key and not an initialization vector (more information on AES can be found here). Some may have positive reactions while others may have negative ones with the title of this post. The Securing Oracle WebLogic Server series was building up to this […]

The next step after installing the software consists of creating the WebLogic domain. Before we do, as stated in the pre-installation posts, following OA&M best practices, application and user data must be separate from software products. The WebLogic domain could easily be created in the /var hierarchy on Linux or within the home or user […]

This post discusses the actual installation of WebLogic Server. Generally speaking, the installation of Oracle WebLogic Server, in reality, involves installing two software products: Java – typically a Java software development kit (SDK) – and WebLogic Server. In a secured deployment, I will install the Java SDK in the same location as WebLogic Server. On […]

This post continues where we left off in discussing the pre-installation tasks of Oracle WebLogic Server. 1) Operating System Firewall Most operating systems include a (software) firewall. The existence of the Windows firewall and Linux firewall (a.k.a. iptables) are common knowledge. Just in case, here are some articles for Solaris and AIX: Setting up a […]

This post discusses the tasks for preparing the operating system before installing WebLogic Server. 1) Validate Operating System The very first thing to do is to validate that the latest critical updates and patches are applied. Everyone talks about it. However, breaches occur regularly because it is not done. I recommend manually running the process […]

I was attending a lunch and learn today where someone asked the following question about publish-subscribe: if the publisher is delayed, how are the subscribers affected? I hear this type of questions often from IT people who have spent their career working on mainframe systems. There are used to processing data in batch, and in […]

This is the second in a series of posts, as the title implies, that focuses on securing Oracle WebLogic Server. This software product is a full fledge Java Platform, Enterprise Edition (Java EE). Thus, this series is about technology, right? Yes, it will be primarily focused on technology. However, we have to consider information security […]

I have been working with Oracle WebLogic Server for quite some time. I can count on my hands the number of deployments where security was a concern. This is a first post of a series that focusses on securing WebLogic Server. This series is inspired by the work I am currently doing with a client […]