The following principles are fundamental to using any application securely:

• Keep software up-to-date. Upgrade to the latest Design Studio product release and apply all appropriate patches.

• Limit privileges. Give users only as much access as necessary to perform their work. Review user privileges periodically to determine relevance to current work requirements.

• Monitor system activity. Establish access and frequency rules for system components and monitor those components.

• Install software securely. Use firewalls, secure protocols such as SSL, and secure passwords.

• Learn and use the Design Studio security features. Enforce user authorization, establish desktop lock policies, and employ source control.

• Use secure development practices. Leverage Design Studio security functionality.

• Stay informed. Read all security alerts and promptly install all security patches. See "Critical Patch Updates and Security Alerts" here:

  http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Security for Design Studio focuses on a few key areas:

• Limiting use of Design Studio to authorized users

• Controlling access to cartridge management functions

• Protecting cartridge designs

• Preventing run-time cartridge archive tampering

The remaining sections in this document address each of these security considerations.