Oracle apps file system
Oracle Applications Notes - File System
Oracle Applications contains several components, and their files are installed under various top-level
directories
APPL_TOP :
top-level directory for all the Oracle Applications products ( <dbname>APPL ).
contains environment files ( contextname.env, APPS<contextname>.env ), administrative files
(admin, au), product files (one dir for each product: fnd, po, etc.)
there will be a base release directory, e.g. 11.5.0, under each product directory
the env variable that stores a product directory is <PROD>_TOP (e.g. AU_TOP=/u02/prdappl/au/11.5.0,
FND_TOP=/u02/prdappl/fnd/11.5.0)
Each PROD_TOP directory contains several subdirectories grouped by usage (e.g. admin,
bin, forms, help, java, html, plsql, log, sql, out, etc.)
admin -> contains directories and files used by the AutoUpgrade tool (driver directory -> contains driver
files for the upgrade (*.drv), import -> import files used to upgrade seed data, odf -> object
description files, sql)
bin -> contains programs and utilities: AD_TOP/bin, FND_TOP/bin (examples: FNDLIBR concurrent
manager, fdfcmp flexfield compiler, adadmin AD Admin utility, adpatch AutoPatch utility)
forms -> contains forms runtime files. Forms source files are stored under AU_TOP/forms
log and out directories -> there are 2 ways these can be stored: 1) in each product's log and out
directory 2) in a common directory specified by APPLCSF in the <contextname>.env file
patch -> patch directory contains driver, sql, import and odf files used by AutoPatch
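
The two storage options for log and out files described above, as an added shell example (not Oracle's code and not part of the original notes): it resolves the directory for a product from <PROD>_TOP or from APPLCSF. The function name ebs_dir and the use of APPLLOG / APPLOUT as subdirectory names (defaulting to log / out) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle code. ebs_dir is a hypothetical helper name.

# Print the directory that holds a product's log or out files.
# usage: ebs_dir <product_short_name> <log|out>
ebs_dir() {
    prod=$1
    kind=$2

    # The product name becomes part of a variable name passed to eval,
    # so accept only letters and digits, starting with a letter.
    case $prod in
        ''|[!A-Za-z]*|*[!A-Za-z0-9]*)
            echo "invalid product name" >&2; return 2 ;;
    esac

    # Assumption: APPLLOG / APPLOUT name the subdirectories; use
    # "log" / "out" when they are unset.
    case $kind in
        log) sub=${APPLLOG:-log} ;;
        out) sub=${APPLOUT:-out} ;;
        *)   echo "kind must be log or out" >&2; return 2 ;;
    esac

    # Option 2: the common directory named by APPLCSF, when it is set.
    if [ -n "${APPLCSF:-}" ]; then
        printf '%s/%s\n' "$APPLCSF" "$sub"
        return 0
    fi

    # Option 1: the product's own directory, found through <PROD>_TOP.
    var=$(printf '%s' "$prod" | tr 'a-z' 'A-Z')_TOP
    eval "top=\${$var:-}"
    if [ -z "$top" ]; then
        echo "$var is not set" >&2
        return 1
    fi
    printf '%s/%s\n' "$top" "$sub"
}
```

With FND_TOP set as in the example above and APPLCSF unset, `ebs_dir fnd log` prints the product's own log directory; once APPLCSF is set, every product resolves to the common directory.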
COMMON_TOP : directory for the files used across various products ( <dbname>COMN ).
COMMON_TOP/admin -> default location for the log/out directories of the concurrent managers.
JAVA_TOP and OAH_TOP(html) are under COMMON_TOP by default
<dbname>ORA : top level directory for the tech stack components
contains 2 Oracle homes (iAS, 806) to support new features of the db and to be compatible with earlier
releases. They exist on the app tier and are used by developer products and the HTTP server respectively.
<dbname>DB : db Oracle Home directory
contains 920 oracle home for the applications database
<dbname>DATA : directory for the database data files
Globalizations are the components that provide country- or region-specific functionality. These are
licensed automatically when country-specific functionality is licensed.
APPL_TOP/admin dir -> contains files/scripts used by AD utilities (env files, application context file,
adovars.env, text files/sql scripts for the AutoUpgrade, preupg dir containing product-specific
preupgrade scripts, log, out and restart directories)
admin dir text files :
adconfig.txt -> system config variables
adlinkbk.txt -> files to be backed up by AD relink utility
applcust.txt -> registered customizations
applora.txt -> min db parameters
applprod.txt -> products list
applterr.txt -> territories
APPL_TOP/ad dir -> AD (Applications DBA) contains all the utilities/scripts used for installing,
upgrading and maintaining Oracle Apps. Contains adadmin, adaimgr, adpatch, adconfig
APPL_TOP/au -> contains product files consolidated into a single location for optimal processing
- PL/SQL libraries for reports (plsql dir) and forms (resource dir)
- forms source files (forms dir)
- JInitiator java files (java dir)
- Discoverer reports (reports)
Shared APPL_TOP
In a shared APPL_TOP system, APPL_TOP is shared across multiple machines and each machine has its
own environment file and context file.
Not available for Windows environments. All the Oracle homes in a shared APPL_TOP must be at the same
patch level. Cannot be used across operating systems which are not binary compatible.
Various servers (db layer, concurrent processing layer, forms/http/dns server) in the Oracle
applications can be configured with load balancing option.
2 types of load balancers :
1) session persistent load balancer (always directs http requests to the same server)
2) non-session persistent load balancer (does not necessarily send requests to the same server)
Some load balancers use Secure Sockets Layer (SSL) accelerators, which reduce SSL traffic and load on
the web server. These accelerators convert https requests to http and send them to a web server
running in non-SSL mode.
In Jserv Layer load balancing, Oracle Process Manager module mod_oprocmgr provides Jserv restart
functionality across multiple nodes.
Forms-based traffic can be balanced with 2 options
- Metrics server (forms server)
- Jserv load balancing (forms listener servlet)
Load balancing can be configured using
1) rapid install during the installation
2) OAM (Oracle Applications Manager) AutoConfig option.
Network latency : performs well with average latencies up to 300ms and is acceptable up to 500ms
Satellite links are used for remote locations where terrestrial services are not feasible.
Wireless LANs benefit from the Forms Listener Servlet architecture, which makes reconnection
attempts in case of network interruptions