Developer Security with HTMLDB (Application Express)

Hi folks. I would appreciate any help I could get with this problem - it's a fairly serious one and I'm hoping for some feedback.
We are using HTMLDB 2.0 and are using Oracle Applications. We have a rogue developer who has a bit of a control problem - he likes to run UPDATE, DELETE, and INSERT statements against our production database. However, he does develop HTMLDB reports for us and does a good job with that. Is there any way we can limit his developer account in HTMLDB so that he can't run these kinds of queries in the SQL Editor in HTMLDB?
Any suggestions on how we can limit what kinds of queries he runs?
Thanks so much!
Steve

Are queries run in the SQL Editor logged?
SQL> desc flows_020000.wwv_flow_sw_sql_cmds
Name                                      Null?    Type
ID                                        NOT NULL NUMBER
COMMAND                                            CLOB
PARSED_SCHEMA                                      VARCHAR2(30)
CREATED_BY                                         VARCHAR2(255)
CREATED_ON                                         DATE
SECURITY_GROUP_ID                         NOT NULL NUMBER

The security_group_id maps to the workspace.
To get the security group id for your workspace, run

select provisioning_company_id,short_name
from flows_020000.wwv_flow_companies
where provisioning_company_id>10;

Then you can keep an eye for

select * from flows_020000.wwv_flow_sw_sql_cmds
where security_group_id=<that long number>
and lower(command) like '%update%'
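
An added example (not part of the original thread, and not Oracle's code): a Python triage of rows exported from the command log described above. It goes beyond the `like '%update%'` filter by also covering INSERT, DELETE and MERGE and by ignoring matches inside comments, string literals and column names; the row keys follow the `desc` output, while the sample rows, the workspace id and the function names are constructed for illustration.

```python
import re

# Comments, string literals and quoted identifiers can contain words such as
# "update" without the statement changing anything, so blank them out first.
# Oracle q'[...]' literals are not handled here.
_NOISE = re.compile(
    r"""--[^\n]*          # single-line comment
      | /\*.*?\*/         # block comment
      | '(?:[^']|'')*'    # string literal ('' is an escaped quote)
      | "[^"]*"           # quoted identifier
    """,
    re.S | re.X,
)
# SELECT ... FOR UPDATE takes row locks but does not modify data.
_FOR_UPDATE = re.compile(r"\bfor\s+update\b", re.I)
# Whole-word match; '_', '$' and '#' are legal in Oracle identifiers, so
# last_update_date or update$ must not count as the UPDATE verb.
_VERB = re.compile(r"(?<![\w$#])(insert|update|delete|merge)(?![\w$#])", re.I)


def write_verbs(command):
    """Return the sorted list of DML verbs found in one logged command."""
    text = _NOISE.sub(" ", command or "")
    text = _FOR_UPDATE.sub(" ", text)
    return sorted({m.group(1).lower() for m in _VERB.finditer(text)})


def triage(rows, security_group_id):
    """Keep rows of one workspace whose command contains a DML verb."""
    findings = []
    for row in rows:
        if row["security_group_id"] != security_group_id:
            continue
        verbs = write_verbs(row["command"])
        if verbs:
            findings.append(
                (row["id"], row["created_by"], row["created_on"], verbs)
            )
    return findings


# Constructed sample rows shaped like wwv_flow_sw_sql_cmds (not real data).
WORKSPACE = 1234567890  # placeholder for the workspace's security_group_id
SAMPLE_ROWS = [
    {"id": 1, "created_by": "DEV1", "created_on": "2006-03-01 10:02",
     "security_group_id": WORKSPACE,
     "command": "select last_update_date, 'please delete me' "
                "from orders -- update later"},
    {"id": 2, "created_by": "DEV1", "created_on": "2006-03-01 10:15",
     "security_group_id": WORKSPACE,
     "command": "UPDATE hr.employees SET salary = salary * 2 "
                "WHERE employee_id = 100"},
    {"id": 3, "created_by": "DEV1", "created_on": "2006-03-01 10:20",
     "security_group_id": WORKSPACE,
     "command": "begin\n  delete from hr.job_history;\n"
                "  insert into audit_log values (sysdate);\nend;"},
    {"id": 4, "created_by": "DEV2", "created_on": "2006-03-01 10:31",
     "security_group_id": WORKSPACE,
     "command": "select * from hr.employees "
                "where employee_id = 100 for update"},
    {"id": 5, "created_by": "OTHER", "created_on": "2006-03-01 10:40",
     "security_group_id": 42,  # a different workspace, filtered out
     "command": "delete from hr.employees"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS, WORKSPACE):
        print(finding)
```

Keyword triage of this kind narrows what a reviewer has to read; it does not prevent the statements from running.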

Similar Messages

  • PL/SQL Counter for HTMLDB - Application Express - Survey Counter

    I wonder if somebody could help me to clarify the HowTo on this Survey.
    Based on:
    http://www.oracle.com/technology/products/database/application_express/index.html
    http://www.oracle.com/technology/oramag/oracle/06-mar/o26browser.html
    I follow up however that is not exactly what I like to see in my Survey. I like to make something more elegant and flexible.
    On this example he put 10 questions/ page. I like to use 1 Question / Page.
    And I like to extend to more than 10 pages. for example 20.
    My question to the forums is:
    If I create an application with Only 3 pages [ Welcome, Survey, End ]
    And the main page for the Survey is the second page.
    How would programmatically be the logic to:
    Start the Welcome page => Setup variable counter = 1
    Then using sessions with a button click on Start Survey.
    Survey Page check for the existence of counter variable if exist retrieve the Question from the Questions table and the properly Answer will be recorded.
    This answer could include comments, and the Rating could be an LOV.
    After Question 1 is answered, the Next button on Page 2 calls the same Page 2. If the question is the max number of questions [20] then go to the End or Summary Page. If not, just increase the counter variable, then retrieve the next question.
    Am I asking too much ???. I'm just starting on PL/SQL and HTMLDB I'm not sure how to manipulate those variables. I've been trying but I'm stuck.
    Thanks in Advance for your Help.
    Dino.
    http://htmldb.oracle.com/pls/otn/f?p=42721:1:4875344191023058749:::::
    PS -> As soon as have the answer will post it public in htmldb.oracle.com =)

    Move this over to :
    Oracle Application Express (APEX)

  • OID-Integrated Label Security with HTMLDB?

    Hi,
    I've followed the how-to document to integrate Oracle Label Security with Oracle Internet Directory (http://www.oracle.com/technology/deploy/security/database-security/howtos/ols_oid-how-to.html).
    I've successfully created a label security policy for the HR.LOCATIONS table. I would like that same policy to be effective on any query regions in an HTMLDB application.
    I created a test application in HTMLDB, and changed the authentication scheme to be LDAP. It uses Oracle Internet Directory to authenticate the users, and this works successfully.
    However, when I login with an OID user that has been assigned to use the policy, I get no rows returned.
    What is a good way to integrate my label security policy with my htmldb application so that it works within HTMLDB and outside of HTMLDB?
    I saw the technote to use VPD, but when I tried this, it caused my label security policy to stop working. I somehow made it conflict... (http://www.oracle.com/technology/pub/notes/technote_htmldb_vpd.html)
    I guess I'm just not sure what the VPD function should look like after I've already created a Label Security Policy.
    I basically want it to look at the APP_USER and then apply the policy appropriately.
    Thanks,
    Nora

    Scott,
    It still worked in SQLPLUS when I typed 'set role none' first.
    The way I granted PROFILE_ACCESS was through a label security command:
    SQL> exec sa_user_admin.set_user_privs('senspolicy','parse_schema','FULL,PROFILE_ACCESS');
    It seems like this is the only way..
    It just seems strange that it works in SQLPLUS. I'm trying to figure out what other permissions I need for HTMLDB.
    Thanks again,
    Nora
    SQL*Plus: Release 10.2.0.1.0 - Production on Wed May 16 16:38:20 2007
    Copyright (c) 1982, 2005, Oracle. All rights reserved.
    Enter user-name: parse_schema/<password>@testls
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, Oracle Label Security, OLAP and Data Mining options
    SQL> set role none;
    Role set.
    SQL> select count(*) from hr.locations;
    COUNT(*)
    23
    SQL> exec sa_session.set_access_profile('senspolicy','PUB');
    PL/SQL procedure successfully completed.
    SQL> select count(*) from hr.locations;
    COUNT(*)
    17
    SQL>

  • Using WS-Security with Spring application in WebLogic

    From a high level, are there any issues with using WS-Security in WebLogic 8 or 9 with an application constructed with Spring? What issues might come up between WS-Security and Spring that might make this complicated?

    You won't be able to do this using the WSSE file.
    An easy way to get around this is to use an XML Bean built from the WS-Security XML Schema. You'll have to read the WS-Security spec to determine how to create the nonce, but you'll be able to convert this XML Bean into the Element[] that the setOutputHeaders() method, which is on the service control you call the .NET Web Service with.
    Regards,
    Mike Wooten

  • Help with installing application express

    that's my problem
    I installed Oracle Application Express in a virtual machine and when I access the web
    I got
    wwv_flow.app_not_found_footer_err
    please some help .. I only know the version of the owa is not greater
    the version of APEX is 3.2
    and I was looking in other pages on internet and they tell that I have to
    Confirm the PL/SQL Web Toolkit version is 10.1.2.0.6 or greater
    my version Web Toolkit version is 10.1.2.0.4 so I think could be the problem ,
    I already updated the version but the problem is the same

    Hello,
    Did you already look in your log of the apex installation. Are you sure everything ran ok and you didn't have any errors?
    As far as I know it's either the owa package which is not correct or an incomplete install of APEX.
    Did you try to recompile the invalid objects already? @?/rdbms/admin/utlrp.sql
    If all of that doesn't work I would try to reinstall APEX.
    Regards,
    Dimitri
    http://dgielis.blogspot.com/
    http://www.apex-evangelists.com/

  • Problem connecting developer 6i with database 10g express edition

    i have installed developer 6i on windows xp
    then installed database 10g express edition in different folders
    i am able to connect to the database 10g from the sql command line
    but i cannot connect from the form builder in 6i
    as soon as i try to connect the form builder shuts down
    i have copied tnsnames.ora from the 10g to the 6i and it doesn't connect
    does anyone know why this is happening ?
    please help me solve this issue ???

    then installed database 10g express edition in different folders
    Which version ? Universal or Western European ?
    Universal version uses AL32UTF8 character set and Forms 6i does not work with it.

  • Securing Individual Application Express Application

    Hi All,
    I would like to secure an individual Application Express application at the Apache level. What I am looking at doing is ensuring that only an individual URL is available on a specific port. I was wondering what is the best way to do this.
    Eg:- Users are allowed to navigate to
    http://mysever.somedomain.com:7799/apex/f?p=101
    NOT to http://mysever.somedomain.com.:7799/apex/f?p=4550
    Thanks
    Brett

    My recommendation is to install HTML DB in the instance that has the data you need in your application. We have a test and production database for each "type" of database. Our types of databases are OLTP and Data Warehouse. This results in two test databases and two production databases. We have HTML DB installed in each of these database instances. We use a test Oracle Application Server's HTTP server to serve the 2 test HTML DB installations and a production OAS HTTP server to serve our 2 production HTML DB installations.
    Reasons for 4 HTML DB installations
    - We wanted the application as close to the data for quickest response time!!
    - We wanted to keep it simple by not having to deal with database links. Database links are only used when the application requires the combination of database from different sources.
    - We wanted our test/development application work separated from the running production applications.
    - We have IT people as well as non-IT people in other departments developing applications, so we wanted the production HTML DB installation controlled by IT people. Non-IT developed applications are migrated into production by IT people. The IT people control all database structure changes as well in the production database.
    This is what we went with. Our developers provided this configuration to the DBA to implement. Sometimes there is a battle as to how many HTML DB installations to make. The developers want more and the DBAs want less.
    Mike

  • How can you SELECT via Database Link CLOB data using Application Express?

    Customer Issue:
    Developer using Oracle's Application Express 3.1. The Developer is trying to SELECT a CLOB datatype column from a remote (10.2.0.3) database, via a database link on her 10.2.0.4 based client Application. The Developer wants to be able to select CLOB data from the remote database which has limitation that she can't make any changes to the remote database.
    Developer's Comments:
    I do a select and get the error. Getting error ORA-22992: cannot use LOB locators selected from remote tables. So she feels she can't use dbms_lob.substr in this configuration I can do a "select into" but that is for one value. I am trying to run a select statement for a report that brings back more than one row. I do not have permission to change anything on the remote database. I want to access the remote database and multiple tables.
    This is not something I work with, would greatly appreciate help or ideas. Is this a limitation of the 3.1; or does she just not have this set up correctly; or should she be using a Collection (if yes, please share example)
    Thanks very much,
    Pam
    Edited by: pmoutrie on Jun 4, 2009 12:01 PM
    Hello???
    Would really appreciate an answer.
    Thanks,
    Pam

    This may not be a perfect solution for you but it worked for my situation.
    I wanted to grab some data from Grid Control's MGMT$JOB_STEP_HISTORY table but I couldn't create an Interactive Report due to the existence of a CLOB column. I cheated this by creating a view on the GC DB, grabbing the first 4000 characters and turning it into a varchar2 column:
    create view test_job_step_history as
    select job_Name, target_name, status, start_time, end_time, to_char(substr(output,1,4000)) output
    from MGMT$JOB_STEP_HISTORY where trunc(end_time) > trunc(sysdate)-90
    In an APEX Interactive Report:
    select * from test_job_step_history@GCDB
    Granted, the output looks awful right now but I am only looking for a very particular output (failed, denied, ORA-, RMAN-, etc) so the formatting isn't the most important thing to me right now.
    If anyone can improve -- and I'm sure you can -- on this I'd love to hear about it.
    Thanks,
    Rich

  • Minimum resources for Oracle Application Express

    Hi,
    I'm new to the forum, and a bit confused here trying to find an answer to what supposedly is a simple question:
    What kind of resources do I have to have to develop and deploy screens with Oracle Application Express?
    The scenario:
    I have this Oracle application all created in forms that we are planning to give to our customers in a web based.
    I'm looking for options to convert it and many forums are talking about how easy and inexpensive (free) the Oracle Applications Express is.
    Then, talking with my main developer, he told me that in order to use it, the client need to spend quite a while in IAS (Oracle's Internet Application Server) and/or have to have the Enterprise version.
    I'm looking for white papers on that and could not find any corroboration, but just texts telling that it's free and easy to use.
    Any one can point me to the right directions on this issue?
    Just want to know what exactly do I need in order to use (creating and deploying) the Applications Express.
    Right now I have Standard Edition 10q as well as my client
    Thank you

    If you want to develop an intranet web application, the HTTP server that comes with Standard Edition 10q would do. However, if you are thinking of it as an internet application then you better separate DB and web server. In that case you need to have either Oracle HTTP Server or Oracle Application Express Listener. Oracle HTTP server requires a license and is usually bundled with DB or an Application Server. I believe Oracle Application Server is no longer being offered/available instead web logic server is made available. The basic edition of web logic would do as all you require is Oracle HTTP Server to broker the requests between the web and the database. As far as I know, Oracle HTTP server is not being offered standalone. As mentioned above the other alternative is Oracle Application Express Listener but requires one of the J2EE compliant web servers like web logic, Glassfish, OC4J or TOMCAT.
    Hope this helps!
    Chandra Movva

  • ABAP Development Workbench with WAS 6.4 ?

    Where to get ABAP Development Workbench ?
    Hello sap gurus, I am new to ABAP. I already have SAP NetWeaver Enterprise Portal on MaxDB - Developer Edition Sneak Preview installed on my server. However I want to use the ABAP Development Workbench.  I do now want to buy a book with cds or go to the sap shop site to get minisap.
    Is there any way to Use ABAP Development Workbench with Web Application Server 6.4 or 6.1?
    If yes where to get the WAS 6.1?
    Thanks

    Hi,
    What you need to install is the ABAP stack. This would be on your Netweaver installation CDs. Please have a look at service.sap.com/instguides for more in-depth installation instructions.
    If you just have the Portal then you only have the Java stack (the Portal is really just an application deployed to the Java stack.)
    Also do some searches on SDN on how to integrate the 2 stacks.

  • Is WAS 6.2 needed to develop and deploy BSP applications

    I'm currently on SAP v4.71. I'm trying to find out if WAS 6.2 is needed to develop and deploy BSP applications or is BSP available straight from the 4.71 box.
    Any input is greatly appreciated.
    Thanks


  • Regarding Integration of all HTMLDB Applications

    Hi all,
    We have three apex applications, say 112,149,103.
    Can we integrate all of them into single interface?
    So that users do not need to give different paths for each application, i.e. by giving a single path we should access all three of them.
    Any ideas most welcome.
    Thanks ,
    Srini

    Srini - A user enters (or issues) a request for a page in an application using the browser. The user can type the URL to the page into the browser's location window, the user can use a bookmark, or the user can click on a hyperlink situated in an HTML page.
    Links on Application Express pages can be created using HTML in HTML regions or by using other page components that include HTML, by using list items, navbar entries, breadcrumbs, parent tabs, or dynamically generated output to the browser. Links can also be produced from report queries and of course, are the result of page branches. All of these techniques are fundamental in any developer's use of Application Express. The key thing to remember is to include the current session ID in any such links and in your situation, where you want to link to "other" applications, to specify the other application's ID as a hard-coded ID or alias and not as the usual &APP_ID. or equivalent.
    Scott

  • Database security with PUBLIC EXECUTE privileges for Application Express

    I recently tried installing APEX into an existing database containing a data warehouse. Security on this database is quite controlled and PUBLIC EXECUTE to SYS owned objects had been removed. Ie there was no PUBLIC EXECUTE on:
    DBMS_LOB
    UTL_HTTP
    UTL_FILE
    UTL_SMTP
    UTL_RAW.
    When I tried to install APEX, I got all kinds of errors and logged a TAR. The analyst told me to grant execute to public to the above SYS owned objects. This contradicts the "Policies" in 10G Grid control and the Metalink Notes 131752.1 &
    Note:247093.1.
    Can these execute privileges be changed to another user in the htmlDB
    application such as FLOWS_FILES? Or HTMLDB_PUBLIC_USER? What are the security recommendations for Oracle Application Express? Calling any product managers out there....

    Developers/users have started clicking around and are now getting errors. There is a function called CUSTOM_AUTH and one called CUSTOM_HASH which do not compile. They complain about not seeing UTL_RAW, so they had been relying on PUBLIC synonyms. Here's the one function:
    create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
    return varchar2
    is
      l_password varchar2(4000);
      l_salt varchar2(4000) := '2ZVKZMILYMGVFRFXOZIVZ72RJNJY8V';
    begin
      -- This function should be wrapped, as the hash algorithm is exposed here.
      -- You can change the value of l_salt or the method of which to call the
      -- DBMS_OBFUSCATION toolkit, but you must reset all of your passwords
      -- if you choose to do this.
      l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
        (input_string => p_password || substr(l_salt,10,13) || p_username ||
        substr(l_salt, 4,10)));
      return l_password;
    end;

  • Creating or copying application express users from development environment

    Hello,
    Hope someone can answer my question soon.
    I am kind of new to the application express development and to Oracle database too (about 8 months). I developed an application on development environment at my work. Now it's time to deploy this application to test and production environment. This application is secured so I had an ACL page where I set up 2 users that they can view and edit data, and I set up myself as an admin for this application.
    I successfully deployed the application on the test and production environment but I cannot log in, and neither can other users. How do I set up or copy the same users from Development to the production environment?
    I am using apex 3.0.1 and database 10g.
    on Development I have workspace called development and the schema is DEV. For production I have a workspace called production and the schema called prod. So I am dealing with different 2 workspaces and 2 different schemas but one database instance.
    Thank you in advance for your assistance.
    Kind Regards,
    Sofia.
    Edited by: user633945 on Oct 15, 2008 3:36 PM

    Hello,
    APEX has a utility to export the workspace and the users. In the application, go to export/import --> export --> workspace users (this is not the default view, and you’ll need to choose it). This will generate a SQL script you can import into the source instance.
    In general, it’s best to keep the same environment in the development (test) and production instances – The same workspace ID, name, and application ID. These are preconditions to be allowed to import single page/components between the instances. Otherwise you will have to import the entire application each time you need to update the application.
    In case you can’t maintain the same environment in your instances, you’ll need to manually edit the exported script. If the workspace already exists, you need to delete the ‘Workspace’ section. Then you’ll need to edit the user details, setting the default schema correctly.
    Hope this helps,
    Arie.

  • VPD and Context With Application Express

    Dear All
    I'm going to build an application using Application Express and Oracle Database Enterprise, with VPD implemented on the schema using Context.
    For developer issue I set an on-login trigger to set the user,
    but I can't view data inside the application, although I can view it using a SQL statement.
    So is there an issue in APEX when using VPD, Context, or an on-logon trigger?
    thanks

    Logon triggers won't work with web apps using a connection pool like APEX. The VPD context should be set via the APEX VPD application security attribute.
    http://download.oracle.com/docs/cd/E17556_01/doc/user.40/e15517/bldr.htm#CHDFCFGD
