Protecting Pages in Oracle BI EE from Attack

Question

Dear Experts, We are using OBIEE 12.2.1.4.x on window server 2016 1) What is the exact meaning of the Protecting Pages in Oracle BI EE from Attack ? what is the basic idea? 2)if we use below tag adding in to the instanceconfig.xml file that is the meaning of Protecting Pages in Oracle BI EE from Attack technically ? prohibit 3) How to test weather protecting pages in obiee from attack? testing methods ? Please check below doc for reference https://docs.oracle.com/middleware/12213/biee/BIESG/GUID-91819169-DBC7-45F5-BB07-5B42B0CE06BF.htm#BIESG3566 Thanks

[Deleted User] · Answer

+1'000

Wrong question from completely undefined starting point pretty much invalidates the question in itself.

Take 5 steps back and think about how your solution is architected.

Gianni Ceresa · Answer

Hi,

Sorry to ask but, why do you want to mitigate something which maybe doesn't concern you?

Is your OBIEE publicly accessible?

3808468 wrote:Protecting Pages in Oracle BI EE from Attack

This doesn't literally mean anything.

In OBIEE I'm more scared by users being allowed to build analysis with 154 columns and dumping out millions of rows in Excel files than if somebody, inside the company network, will try to setup a fake page for clickjacking (https://en.wikipedia.org/wiki/Clickjacking ).

That setting will prevent OBIEE from being rendered in an iframe as the doc says. Some people used to embed OBIEE content into iframes to embed it into some portals or other websites. With that parameter in the instanceconfig.xml, embedding OBIEE by iframe will not work anymore.