Many resources in the production environment can be protected, such as information in databases accessed by WebLogic Server and the availability, performance, applications, and the integrity of a website. You can evaluate the resources that require protection to decide the level of security to provide for each of them.

For most websites and online services, resources must be protected from everyone on the Internet. You might also consider restricting employee access on a company intranet to only the resources to which they need access, and only granting access for highly confidential data or strategic resources to a few trusted system administrators. In some scenarios it might be better for system administrators to not have direct access to data and resources until they switch to a user account with fewer privileges.

A minor fault in a security scheme could be easily detected and considered nothing more than an inconvenience. In severe cases, a fault might cause significant damage to companies or individual clients that use the website. Understanding the security ramifications of each resource can help you to ensure that they're robustly protected.