Oracle has updated the "Best Practices for Securing Oracle E-Business Suite" for Release 12. The new Metalink Note ID is 403537.1. Overall, there are very few changes to the document and mostly the changes are only to reflect the new R12 documentation.
The most significant changes to security for R12 are
- The introduction of the $INSTANCE_TOP, which consolidates all the configuration files and logs into a central location. This centralization should make monitoring of logs and configuration changes much easier.
- Elimination of modpsql (PL/SQL Gateway), which was the source of numerous security vulnerabilities.
Otherwise, all important security features in R12 are available in 11.5.10CU2 or 11i.ATG_PF.H RUP4.