Enterprise Administration > Implementing Windchill ESI > Implementing Windchill ESI in an ORACLE Applications Environment > Security Considerations
  
Security Considerations
As part of planning aWindchill ESI installation process, it is important to review your security needs and assess them against the following security features provided by Windchill ESI.
Authentication to Oracle Applications Systems
TIBCO accesses the Oracle Applications distribution target through the user name (ESISYS) and a password specified in each adapter instance deployment configuration. This user name is configured in the distribution target at implementation time. In other words, Windchill ESI does not support dynamic logon to the ERP distribution target. The ERP distribution target logon information for the adapter is also specified at the time of implementation.
Authentication to TIBCO EMS queues
The following lists features related to TIBCO EMS Queues security:
Windchill ESI uses the out-of-the-box security capabilities provided by TIBCO EMS.
Each JMS queue is secured. Specifying which users are allowed to access the queue and what functions they are allowed to perform on the queue are performed at installation and configuration time.
Two client user accounts are configured in the EMS server: a user from Windchill and a user from TIBCO BusinessWorks.Windchill ESI does not use dynamic (message level) authentication to the JMS queues.
The EMS shared configuration in TIBCO BusinessWorks, which describes the EMS connection and is used to authenticate to the EMS server, is set at implementation time and is not obfuscated.
Other Features
The following lists other security features related to TIBCO components:
User access to the TIBCO environment can be configured and is controlled though the TIBCO BusinessWorks Administrator. No TIBCO roles, such as distinctions between developers and administrators, are initially defined by Windchill ESI. For further details, refer to the TIBCO Administrator User’s Guide.
Repositories are set as read-only during run-time.
Windchill Enterprise Systems Integration performs all actions in Oracle Applications using a single Windchill ESI system user account (typically, ESISYS).
Messages are not encrypted.
LDAP integration is not supported.