APEX - developing an iSQL replacement.

Similar Messages

• SQL Injection threat with APEX developed applications

  We are using a tool, HP WebInspect, to scan some of our APEX developed applications for web application security testing and assessment. We are getting some critical and high vulnerabilities identified (see below) and would like to know if someone else has encoutered these and to determine a solution, whether it be a setting/settings within APEX or is it more related to the application and the way it was developed.
  Critical:
  Possible SQL Injection
  File Names: • https://xxx.edu:443/pls/apex/f?p=4550:1:36080644498857::NO:4::&success_msg=If+7
  77-777-1911form%40value777.com+exists+in+our+records'+OR%2cwe+will+send+the+workspace+name
  s+associated+with+this+email+address.+If+you+are+having+problems+receiving+the+workspace+name
  s%2cplease+contact+your+administrator.%2fC34A0EF5494AB92C95AA4D0F7BF52332%2f
  • https://busaff-test.utdallas.edu:443/pls/apex/f?p=4550:1:36080644498857::NO:4::&success_msg=If+7
  77-777-1911form%40value777.com+exists+in+our+records%2cwe%2bwill%2bsend%2bthe%2bworkspace
  %2bnames%2bassociated%2bwith%2bthis%2bemail%2baddress.%2bIf%2byou%2bare%2bhaving%2bprob
  lems%2breceiving%2bthe%2bworkspace%2bnames'%2bOR%2cplease+contact+your+administrator.%2fC3
  4A0EF5494AB92C95AA4D0F7BF52332%2f
  High:
  Possible Username or Password Disclosure
  File Names: • https://xxx.edu:443/pls/apex/f?p=104:101:1328157658320206:&notification_msg=Invali
  d%20Login%20Credentials/156F2A38AC41E25732821ABED8AA98B6/
  • https://xxx.edu:443/pls/apex/f?p=104:101:2360963243212364&notification_msg=Invali
  d%20Login%20Credentials/156F2A38AC41E25732821ABED8AA98B6/

  You can help us by telling us your first name, putting it into your profile, and by selecting a friendlier handle.
  The details you showed indicate no SQL injection possibilites whatsoever. The "Critical" examples also are unrelated to Application Express applications that you may have developed (application 4550 is the login application for the product itself and should rarely be used by end users in production environments).
  Scott

• Best APEX developing practices?

  Hello,
  I have a simple question - What are the best APEX developing practices in regards to developing workspaces ?
  There are two ways to develop in APEX (when you create an application for internal use, of cause) :
  One is to have a workspace per Application - Meaning that you have Developing, Test and Production Application in the same Workspace, and this Workspace would be reserved to one application only. The advantage of this approach is that it is easy to move ready pages (or even the whole application) from Developing to Production - You can simply copy ready pages from one application to another.
  The other one is to have a Workspace per Environment - Meaning that you have all your Production applications in one Workspace and all the Development application in another Workspace. In this case, when you have to move a page to Production, you have to export it, and import it to another Workspace. The advantage of this approach is security - you don't work in production...
  So I wanted to ask APEX gurus - What is your opinion on that? Are there any Oracle standards for developing in APEX? What is your best working experience in regards to developing applications in APEX, etc..??
  Thank you!

  Hi Sloger
  Keep it simple DEV, TEST and PROD are on separate database instances, preferably on separate servers.
  If you only have one box, then develop your app on your PC using XE.
  You can have the same workspace id on multiple databases, allowing you to promote between databases easily using SQL*Plus.
  As far as on app per workspace, that's entirely up to you.
  Multiple applications in a single workspace work very well - after all this is how the APEX team builds the Application Builder.
  Regards
  Mark
  demo: http://apex.oracle.com/pls/otn/f?p=200801 |
  blog: http://oracleinsights.blogspot.com |
  book: https://www.packtpub.com/oracle-application-express-4-0-with-ext-js/book

• Can Active Directory authenticate to the APEX development environment

  Greetings,
  Environment:
  Apex Version 4.0.2
  Database Version: 11.2.0.1
  Weblogic 10.3.3
  Apex Listener
  Is it possible to use Active Directory to authenticate access to the APEX development environment? I have all individual application using Active Directory authentication, but I can’t find a way to incorporate Active Directory to access the development environment.
  Thanks
  Larry

  Larry,
  no, you cannot change the way the APEX Application Builder authenticates its users.
  brgds,
  Peter
  Blog: http://www.oracle-and-apex.com
  ApexLib: http://apexlib.oracleapex.info
  BuilderPlugin: http://builderplugin.oracleapex.info
  Work: http://www.click-click.at

• ApEx Development Team: tab clear cache - new feature?

  Hi ApEx Development Team!
  I searched the forum and found, that many have (had) the same problem like me:
  Why isn't it possible to clear the cache by clicking on a tab? Why is it only possible for parent tabs?
  Wouldn't it be a nice feature for the next version of ApEx? This feature exists already, only not for the standard tabs...
  Regards,
  Sofie

  taepodong wrote:
  Apologies to dig up old thread but I ran into this problem and thought I'd share my solution as well (for search engine)There is no point in doing this. There are thousands of threads in this forum that are unanswered, or contain solutions that are suboptimal or that have been superseded. They can't all be updated "for search engine"...
  1) Edit the tab property where you want your page's cached removed. In My case it I had a tab pointing to page 6 and I needed page 6's cache cleared when I clicked on it.
  2) Edit the condition for the tab deisplay --> Function returning boolean.
  3) In the function body put the following code:
  begin
  if :APP_PAGE_ID != 6 THEN
  apex_application.clear_page_cache(6);
  END IF;
  RETURN TRUE;
  end; The expression will always evaluate to true, and will clear cache from page 6 if clicked from any other page that is not page 6.
  However if you want to apply condition to the page as well. (say and admin page based on :APP_USER property) then wrap the return true in another If-statement as well.I subscribe to the old-school idea that state-changing side-effects in functions are evil. Using Condition code in this unexpected way will make an application much harder to debug and maintain. If I came across this in an application I was working on I'd refactor it.
  Scott posted the correct way to do this above (post of 26-Mar-2008 23:00&mdash;not marked as helpful/correct as this was before the forum had this feature): Clear cache using an On-Submit Application Process that is conditional on the <tt>:REQUEST</tt> value set by the relevant tab(s).

• Future prospectus of APEX  Developer

  HI All,
  Since 6 months i have been working as an APEX developer(SQL and PL/SQL)
  and i'm planning to learn DBA
  I'm bit confused to take my carrier with APEX development .
  Could any one help me with this..
  My questions are as shown below
  1)What is the demand in the market comparatively DBA and other Developers.
  2)how can i grow competitively in this field.
  Kindly help me with this.
  Based on your opinions i ll be taking the next step.
  Edited by: Basva on Feb 16, 2011 6:03 AM
  Edited by: Basva on Feb 16, 2011 6:19 AM
  Edited by: Basva on Feb 17, 2011 6:07 AM

  HI All,
  Since 6 months i have been working as an APEX developer(SQL and PL/SQL)
  and i'm planning to learn DBA
  I'm bit confused to take my carrier with APEX development .
  Could any one help me with this..
  My questions are as shown below
  1)What is the demand in the market comparatively DBA and other Developers.
  2)how can i grow competitively in this field.
  Kindly help me with this.
  Based on your opinions i ll be taking the next step.
  Edited by: Basva on Feb 16, 2011 6:03 AM
  Edited by: Basva on Feb 16, 2011 6:19 AM
  Edited by: Basva on Feb 17, 2011 6:07 AM

• Preventing automatic log out from Apex Developer session

  Hello,
  I've noticed that I am frequently being logged out of my Apex Developer session whenever I am tryng to 'return' to application builder after running/testing my application (using Apex Developer). It seems quite random as to whether it happens or not, but since migrating to Apex v4.2 it appears to be happening more frequently ( based on my first week of using this version). Is there any setting that can be applied to prevent this happening or to extend the timeout/inactivity period before it does happen,
  thanks in advance,
  Kevin.

  Login as INTERNAL / ADMIN and go to Manage Instance > Security. There, you can define the maximal
  Maximum Session Length in Seconds      
  The help says:
  "Enter a positive integer to control how many seconds an application session is allowed to exist. This setting is superceded by the application level setting. Leave the value null in order to revert to the default value of 8 hours (28800 seconds). Enter 0 to have the session exist indefinitely. This session duration may be superseded by the operation of the job that runs every hour which deletes sessions older than 12 hours."
  and the
  Maximum Session Idle Time in Seconds
  The help says:
  "Enter a positive integer to control how many seconds a session may remain idle for Oracle Application Express applications. This setting is superceded by the application-level setting. Leave the value null in order to revert to the default value of 1 hour (3600 seconds). Set to 0 to prevent session idle time checks from being performed."
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.apress.com/9781430235125
  http://apex.oracle.com/pls/apex/f?p=31517:1
  http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
  -------------------------------------------------------------------

• APEX Developer Competition 2009 Winners

  Hi forum users,
  Check out the winners of APEX Developer Competition 2009 held by ORACLE Inc..
  Links: http://www.oracle.com/technology/products/database/application_express/html/comp_winners.html
  Regards,
  Tajuddin

  Tajuddin,
  Will you share your "ABC School Management System" publicly for learning purpose as I want to see your extra effort on this application.
  Waiting of your positive reply,
  Regards,
  Muhammad Yousuf.

• APEX Listener as a replacement for modplsql ?

  Will APEX Listener ever be, or is it able to be now, a replacement for modplsql driven applications that are not APEX. It seems that it already takes care of everything needed to be a full scale modplsql replacement... In all honesty looking to see if it is possible to reduce the future licensing load on some of my clients if they wanted to build more redundancy into their front-end web applications. They wouldn't be reducing what they pay, as they are still in for the Forms installs in app server, but they are inhibited on their redundancy growth outward since adding new licenses to cover these new servers would be cost prohibitive. This is mainly a third-party product (SGHE's Self-Service Banner) that is driven off of modplsql, so rewrite isn't an option.
  Thanks for your input,
  -Richard

  As of the last EA version, it depends on which modplsql features your application uses. The main modplsql features that are not yet supported are:
  Basic database authentication - The listener must be configured with a single username and password and cannot dynamically change the database connection at run time.
  Multiple DADS - Each listener is configured for one and only one database connection. However, there is a way to install multiple copies of the listener, and configure each for a different database connection.
  Dynamic parameter passing - There must be a one to one relationship between fields on an HTML form (or query string variables in the URL) and the non-defaulted parameters of the called procedure. Name and Value arrays, with the "!" before the procedure name in the URL are not supported.
  CGI environment variables in the DAD.
  Oracle MAY support some or all of these features in the production version, or in some future version. We can probably influence this by telling Oracle what we want - but no guarantees. Kris Rice tells me that the APEX Listener was written to be extendable, so once Oracle gives us some documentation of how to extend it, some enterprising programmer may add some of these features as an extension.

• Using and Apex developed system and generating  word documents

  Started a new development project. We looked at using Apex for the system but ran up against a road block because the customer needs to generate word documents that they can edit and print. Does anyone know if Apex can handle this? Any suggestions on were to look for more information.

  Hi Dawn,
  Yes you can certainly do that, take a look at this quick overview -
  http://www.oracle.com/technology/products/database/application_express/html/configure_printing.html
  It refers specifically to PDF printing, however with BI Publisher you can output in Word Document format too.
  Hope this helps,
  John.
  Blog: http://jes.blogs.shellprompt.net
  Work: http://www.apex-evangelists.com
  Author of Pro Application Express: http://tinyurl.com/3gu7cd
  REWARDS: Please remember to mark helpful or correct posts on the forum, not just for my answers but for everyone!

• Change Control tools for APEX development

  I have a customer who is using APEX and would like to have change control, version, and synchronization of APEX pages...
  Basically we are talking about Configuration management capabilities

  Well, since APEX is mostly pl/sql based, the other poster's idea of SQL Developer is valid... The other items.... you are on your own for test scripts (again sql developer for the pl/sql required...)
  What it sounds like is your are wanting a oracle designer wrap-around for APEX.. Don't know what to tell you.. I would suggest you look at some type of version control system.. Subversion is a good one, MS Source Safe works too...
  Thank you,
  Tony Miller
  Webster, TX
  While it is true that technology waits for no man; stupidity will always stop to take on new passengers.

• Apex Development Tools

  Hello,
  Any suggestion for good Apex 4.0 development tools?
  Thanks!
  Kind Regards,
  Cearnau Dan

  Well, since APEX is mostly pl/sql based, the other poster's idea of SQL Developer is valid... The other items.... you are on your own for test scripts (again sql developer for the pl/sql required...)
  What it sounds like is your are wanting a oracle designer wrap-around for APEX.. Don't know what to tell you.. I would suggest you look at some type of version control system.. Subversion is a good one, MS Source Safe works too...
  Thank you,
  Tony Miller
  Webster, TX
  While it is true that technology waits for no man; stupidity will always stop to take on new passengers.

• APEX development opportunity at Collaborate!

  We are having a fun event at Collaborate for APEX developers. If you are going, feel comfortable in a rapid application development environment, interested in a complimentary pass to Collaborate 08, and want to participate in the Great Tool Debate, sign up today at http://www.ioug.org/news/031607.cfm. Deadline to sign up is next Monday, March 26th.
  Steve Howard
  APEX SIG
  Here is the announcement from IOUG...
  Developers, sign up now to participate in the first ever IOUG SIG Great Tool Debate at COLLABORATE 07 and earn a complimentary registration for COLLABORATE 08!
  IOUG is looking for volunteers to develop a simple application in a rapid application development setting starting a week before COLLABORATE. Each participant will have the opportunity to earn a complimentary registration for the IOUG Forum at COLLABORATE 08 by holding live development demonstrations in the IOUG Booth throughout the week of COLLABORATE 07, and gain recognition among IOUG Volunteer experts and Oracle leaders by participating as a panelist in the IOUG Closing Debate. For more information and to sign up now, please visit http://www.ioug.org/news/031607.cfm.

  Thomas,
  I have used PVCS and APEX for some time for a client, and we do not use and of the DIFF capabilities; it's more of a repository that we use for periodic builds than anything else.
  You could try to DIFF two different versions of an APEX application - most of the export file should remain consistent as you make small changes; it may take some getting used to deciphering some of the nomenclature used in the export files, but it would by no means be impossible.
  Thanks,
  &#150; Scott &#150;
  http://spendolini.blogspot.com/
  http://sumnertech.com/

• APEX Developer type

  I am new to APEX and we are currently evaluating it try to see if it is the direction we want go. Any my question is, what skill is needed the most for development small applications. Is it mostly PL/SQL work or is it a lot of html/java script/ajax coding? I am trying to figure out which team would be the better fit. The DBA/PLSQL team or thle web developer who knows some plsql.
  Thanks

  Hi,
  do you remember the movie Armagaddon where a bunch of wildcat drillers are sent up into space to drill holes in an asteroid so that it can be blown to pieces before it can collide with the earth. To me the question that Hollywood side stepped so as not to spoil a good plot was, would it be easier to teach a bunch of drillers how to be astronauts or would it be easier to teach a bunch of atronauts how to drill a few holes.
  Which brings us to your question. I'll frame my response from the point of view that Apex is a database application development tool. I would consider it easier to teach a bunch of database developers (DBA/Relational Design/SQL/PLSQL skills) the niceties of web development in a tool like Apex than to teach a bunch of web developers the intricasies of database development. This is not to put down the specific skills of either camp, its just horses for courses. At the very worst you get a crappy looking application that works, rather than a good looking application that doesn't. On top of this, a good development team should comprise a range of skills, which can include the aesthetic aspects of application design, especially if this is impoprtant to you, as in you may be developing a commercial or public facing application.
  My 5c worth.
  Regards
  Andre

• APEX development for mobile

  Does any one know if Oracle APEX 4.0 can be used to develop mobile applications?
  Are there any tutorials available for this mobile development with APEX?
  Thanks,
  Maggie

  You definitely can build mobile "web" applications. I modified the Aria People Search application that we run inside Oracle to work on Windows Mobile, Blackberry, iPhone, etc. I don't know of any tutorials, it's just a matter of templates. If you don't know HTML and CSS really well, I would start there. Quick test, which of these tags is incorrect:
  <font ....>.....
  <b>hello</b>
  <u>world</u>
  <td align=center>...
  <DIV STYLE=foo>...Here's how I would start:
  * Figure out your target devices and browsers
  * Many of the Windows Mobile devices use Opera Mobile (which is a really good browser). You can make the desktop version function like the mobile version
  * If iPhone is your target you can use the following bookmarlets to resize Safari to iPhone Landscape or Portrait:
  javascript:self.moveTo(0,0);self.resizeTo(480,320);self.location="http://www.apple.com";
  javascript:self.moveTo(0,0);self.resizeTo(320,480);self.location="http://www.apple.com";* Microsoft makes a free simulator for Windows Mobile (not sure about Windows Phone 7)
  * Don't use any flash charts
  * Don't use any popup LOVs
  * Interactive reports won't work well
  * Keep the HTML / CSS / JavaScript and Images VERY SMALL. Use Firefox + ySlow to measure this
  * Start with a very simple page template and build up, not the other way around.
  Tyler Muth
  http://tylermuth.wordpress.com
  "Applied Oracle Security: Developing Secure Database and Middleware Environments": http://sn.im/aos.book