Preventing debug information in production APEX app

How can I disallow the option for users to change SEARCH_PI:NO to SEARCH_PI:YES and see the associated APEX session information? Is there a way to globally turn this feature off? We are concerned about URL tampering and security issues associated with APEX in our production environment.
Thanks,
Leif

Leif,
You can turn off debugging at application level, by going to:
Application > Shared Components > Application Definition > Name > Debuggingand set Debugging to 'No'.
Also, as you are rightly concerned about URL tampering, you should take a look at session state protection which is an in-built feature for protecting the URL, see the docs here:
http://download.oracle.com/docs/cd/E10513_01/doc/appdev.310/e10499/sec.htm#CDDGIGJH
Hope it helps,
Anthony.
http://anthonyrayner.blogspot.com

Similar Messages

  • Libclntsh.so.10.1 stripped no debugging information

    Hi
    We are using Oracle 10.2.0.1/10.2.0.2 on Itanium server.
    We get the following error message when debugging one of our executables.
    We are unable to display any of our variable values during debugging. I believe this is because of the Oracle error messages that are given below ------
    =============================================
    warning: The shared libraries were not privately mapped;
    setting a
    breakpoint in a shared library will not work until you
    rerun the program;
    stepping over longjmp calls will not work as expected.
    Use the following command to enable debugging of shared
    libraries.
    chatr +dbg enable <executable>
    warning: Load module /u01/app/oracle/product/10.2.0/lib/libclntsh.so.10.1
    has been stripped.
    Debugging information is not available.
    warning: Load module /u01/app/oracle/product/10.2.0/lib/libnnz10.so
    has been stripped.
    Debugging information is not available.
    0xc000000000326c10:0 in __sigtimedwait_sys+0x30 ()
    =============================================

    yes, in fact I have an Oracle Consultant looking into the issue since three days but of no helpl
    I can connect to the source database using sqlplus on this machine and can run a query. But OBI is throwing error.
    Not sure what else is missing. Any suggestions?
    Here is the user.sh
    # Oracle Parameters
    # Make sure that Oracle DB 32 bit Client is installed
    ORACLE_HOME==/obieesbos1/obi/oracle/product/10.2.0/db_1
    export ORACLE_HOME
    TNS_ADMIN=$ORACLE_HOME/network/admin
    export TNS_ADMIN
    PATH=$ORACLE_HOME/bin:/opt/bin:$PATH
    export PATH
    #LD_LIBRARY_PATH=$OracleBI_HOME/server/Bin:$LD_LIBRARY_PATH
    #export LD_LIBRARY_PATH
    #LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
    #export LD_LIBRARY_PATH
    # If you have Linux 64 bit Platform, and would like to run Oracle BI 32 bit
    # then you must install Oracle DB 64 bit client, and this client comes with
    # 32 bit libraries under $ORACLE_HOME/lib32. The LD_LIBRARY_PATH in this case
    # shall be like this:
    LD_LIBRARY_PATH=$ORACLE_HOME/lib32:$LD_LIBRARY_PATH
    export LD_LIBRARY_PATH

  • Problem registering apex app with sso

    I followed the instructions listed in Note:353023.1 to register an apex app as an sso application.
    when i go to the url:
    http://portal.research.na.admworld.com/pls/REMGThtmldb/f?p=100:1
    i get:
    Bad Request
    Your browser sent a request that this server could not understand.
    mod_plsql: /pls/REMGThtmldb/f HTTP-400 Invalid name
    i've redone everything several times. i must be missing something simple. any clue as to what this could be?

    Hi Chris,
    I had a lot of problems getting SSO working. The name of the partner application had to be HTML_DB and in the WWSEC_ENABLER_CONFIG_INFO$ table I had to change the port in LSNR_TOKEN to :80. You will find lots of other posts about SSO problems.
    One thing you can do is to set debug on as explained in step 6 here: http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    Regards Pete

  • I am feeling so ripped off right now. I have wanted a Mac for years and believed the hype about it's stability and I have had more trouble with this Imac 2011 than I have ever had with a pc. It locks up with several software products from APP store.

    I am feeling so ripped off right now. I have wanted a Mac for years and believed the hype about it's stability and I have had more trouble with this Imac 2011 than I have ever had with a pc. It locks up with several software products from APP store. I have already had to have a technician to look at it and really couldn't figure out what the deal was.  I was told that the APP store software should give me no problems but the truth is that it locks up on the software. This machine is only 4 weeks old and I am using 37 g on a 1 T hard drive. There is no reason for it to be locking up. Also, when I try to use the help program, it always tells me that I am not connected to the internet even though I have used both the mail program and the browser with no problem just before that. I successfully used the help program on my pc lots of times. I did not need a $2000. plus machine to just get email. I just wanted to unload on somebody that might understand my pain and after checking out this site...I think there is a few of you out there.

    I was told that the APP store software should give me no problems but the truth is that it locks up on the software.
    The apps downloaded from the Mac App Store are written by third party developers, not Apple. If you have problems  with those apps you need to visit the support area for their websites. Launch the App Store, locate the app name. You should see a support link.
    when I try to use the help program, it always tells me that I am not connected to the internet even though I have used both the mail program and the browser with no problem just before that
    Go to ~/Library/Preferences. Move the com.apple.helpviewer.plist file from the Preferences folder to the Trash. Restart your Mac, try the Help menu.
    If you need help finding that file, hold down the Finder icon in the Dock then click: New Finder Window. From the menu bar top of your screen click: Go > Go to Folder. Type this in exactly as you see it here:   ~/Library/Preferences/com.apple.helpviewer.plist    That will take you right to that file.
    (.plist) files stores information about a particular app or in this case, the Help viewer. Often times deleting the .plist file resolves the issue.
    It's fine to "unload"... we understand that you expect your iMac to be stable but there are times when things go awry. That's why we have these forums so that you can you get help.
    You may want to read up on how to repair the disk if necessary or reintsall Lion >  OS X Lion: About Lion Recovery
    Apple - Find Out How - Mac Basics
    How to "switch" from PC to Mac >  Apple - Support - Switch 101
    I'm sorry you feel, "ripped off", but you are using the world's most advanced operating system and it may take some time to adjust to a new OS.   http://developer.apple.com/technologies/mac/

  • Best practice when developing APEX apps and using a SVN repository

    Hi experts,
    I wanted to get your opinion on best practice regarding how to use SVN and APEX combined.
    The idea is basically how to structure and how to save APEX apps the best way in a repository.
    I am currently working with a custom SVN structure, not using the default TRUNC/TAGS one : every app has a folder , under every app folder i have PAge number folders, and for each page reports, regions and global objects separated.
    This helps me because its more readable then saving the whole page export, its good for small changes and i have a clear overview of every bit and piece.
    What is everybody else using or is there a best practice to follow here that i dont know?
    Kind regards,
    Alex

    @tomaugerdotcom
    Something like this might help: https://testflightapp.com/
    Concevably, you could roll your own internal service if that particular one doesn't suit you. (I don't have any knowledge about how they are doing it, but it shouldn't be hard to figure out since Apple's constraining rules would only allow a few possibilities.)
    USB app install and debugging isn't supported on iOS. You have to use wireless.
    Another option specifically for multi-touch dev/testing, is to use an Android device.

  • 'Sensible' Definition & Security settings for a Production APEX environment

    Hi Folks.
    What's the feeling on Definition and Security settings for a production APEX application?
    Here are my settings for my UAT environment (not quite in production just yet)
    Debugging: NO
    Status: AVAILABLE
    Build Status: RUN APPLICATION ONLY
    Authorization Scheme : MUST NOT BE PUBLIC USER
    Session State Protection: ENABLED
    In the APEX Administration setup, access to my site is restricted by IP also. As a consequence I think it's buttoned down quite tightly but, eventually, we plan to open this up to the Big Bad Web!!
    What are your thoughts on the pro's and con's, the why's and wherefore's of one setting or another.
    I'm hoping this thread will prove to be a good forum for discussing APEX application security configurations and a reference for others.
    Please feel free to link to whitepapers of relevance.
    Maybe someone could take up the challenge of producing an 'UNHACKABLE' :-) APEX website?
    Simon.

    Hi Simon,
    If you're just talking about instance settings, then you might also add to that using the 3.1 runtime only instance.
    If we're opening it up to application design, well...that's a whole other matter ;)
    John.
    http://jes.blogs.shellprompt.net
    http://www.apex-evangelists.com

  • Runtime environment for the production apex instance

    My first goal is to export a full application from a full development environment to a runtime environment.
    The two environments are on dedicated servers.
    From Oracle Application Express documentation and Oracle Application Express Forum, I realized that to install an exported application into a runtime installation, you must:
    1) Export the workspace from the Application Express instance where the application was developed. The export file created contains information about the workspace, all the users in the workspace, and any groups in the workspace (if applicable).
    2) Use SQL*Plus to import your workspace in to the runtime environment.
    3) Export and then import your application (with Supporting Objects) using SQLPlus in to the runtime environment. The related files
    This means that to be able to import an application via SQL*Plus from a development environment to a runtime environment, the workspace must exist (with the identical workspace ID) in the runtime environment. And the best way to ensure that the workspace IDs are the same is to export the workspace from the development apex instance and import it into the runtime apex instance.
    Also, you can't change the application ID through SQL*Plus - so if you're importing the application via SQL*Plus, either a) that application ID can't exist, or b) if it does exist, it will be overwritten by the import (of course, in case b we don't export/import also supporting objects).
    I know that there are some tricks, like editing the application export file just to import into a workspace with a different ID in the production runtime environment. But i wuold like to be official supported ;)
    So in my case i think i could, for the first export/import:
    1) Convert the production apex instance from runtime environment into a full development environment.
    2) Export the workspace from the development instance using the apex administration services (in a text file).
    3) Import the exported workspace into the production instance using the text file created and SQLPlus connect as APEX_030200.
    FOR THE NEXT POINT 4 I ASSUME THAT EXPORTING/IMPORTING A WORKSPACE DOES NOT INCLUDE THE SCHEMAS ASSOCIATED WITH THE WORKSPACE.
    4)
    a1) Create a new schema for the supporting objects of applications in the production instance with a DBA tool.
    a2) Assign the schema created in the production instance to the workspace imported from the development instance, using the apex administration services.
    or, if you want apex creating the schema for the supporting objects of applications:
    4)
    b1) Create a new workspace (with a new schema) in the production instance using the apex administration services.
    b2) Delete the workspace created in the production instance: the schema will not be removed.
    b3) Assign the schema created to the workspace imported from the development instance.
    5) Delete the users and eventually the groups in the imported workspace in the production instance, using the apex administration services.
    6) Change the name of the imported workspace in the production instance, using the apex administration services.
    7) Convert the production apex instance from full development environment to runtime environment.
    8) Export the application (with supporting objects) from development instance, using the export page.
    9) Import the application (with supporting objects) to the production instance using SQLPlus connect as APEX_030200.
    10) Export all associated files (related files) of the application (CSS, Images, Themes, ...) from developmente instance, using the tabs located at the top of the export page.
    11) Import the related files to the production instance using SQLPlus connect as APEX_030200.
    So, for next the next releases of the application i can again export the full application:
    1) Export the application (without supporting objects) from development instance, using the export page.
    2) Import the application (without supporting objects) to the production instance using SQLPlus connect as APEX_030200.
    3) Export all updated associated files (related files) of the application (CSS, Images, Themes, ...) from developmente instance, using the tabs located at the top of the export page.
    4) Import the exported related files to the production instance using SQLPlus connect as APEX_030200.
    or i can export and import single pages of the application.
    Excuse me for the long introduction, but the question is:
    what i have written is correct? Please let me know also your advice.
    Thanks a lot.
    Silvio

    HI,
    Thanks for responding.
    Should the APEX_ADMIN be available in a runtime environment?
    If so, we have missed a step in our installation.
    Keisha

  • Making debug information display - more questions

    Hi all - I work on a remote CF server and need debugging information displayed at all times. Unfortunately, I lost my dedicated IP address which could be plugged into the server, which gave me the privilege of seeing the information i need.
    Earlier this week, I left a message on this forum related to this issue and was told to use <CFSetting ... to resolve the issue.
    I've tried it and have not been able to see server variables and other debug information information.
    Will this tag override the server variable "Enable Debugging" if that is set to "no"? (I suspect not, but no hurt in asking.)
    Also, is there some way or some service that can take my new dynamic IP and resolve it to a static IP number? Right now, I use dynDns.com to resolve the issue, but this results in a domain name, and not a domain IP, which can be used in CF MX Administrator.
    Note that this is how I have the tag setup.
    <cfsetting
       enableCFoutputOnly = "yes"
       showDebugOutput = "yes" >
    Do I understand how this tag is supposed to work? I want to see all server information on every page. Does CFSetting only work when there is an error?  Arrrrrrggggggg - I'm very needy right at the moment to resolve this issue.

    As I replied in your earlier post, NO <cfsetting....> does not override the debug setting in the administrator.
    If debugging is turned off in the administrator, ColdFusion does not generate ANY debugging data.  This is a performance gain, and is often done on production servers.
    For the <cfsetting....> tag to work.  Debugging has to be turned on, AND you have to be connecting to the server with an IP that is allowed to see the debugging.  If there are now IP's set in the filter, then ALL IPs can see the debugging output.
    This is what many ISP's will do.  They will turn on debugging and provide no IP filters so that every user will see the debugging output and leave up to the developers to use the <cfsetting....> tag to display or not display the output as desired.
    To answer your second question.  DNS is not going to help you.  You need to provide an IP address, DNS is for providing an Domain Name to substitue for an IP address.
    The only idea I could have, is if you could find a proxy service that would give you another IP address and then proxy that address to yours.  But that sounds like a rather flaky option to me.

  • Debug information missing

    I have been developing Flex 3 on the Mac using Textmate. I
    use Console to read debug information in flashlog.txt.
    It's been working perfectly. However, I just re-installed
    Flex 3 Builder and now no debug information is showing up in
    flashlog.txt. I ran the "silent installer" in /Applications/Adobe
    Flex Builder 3/Player/mac/Flash Player 9 Silent Installer.app as
    directed by the main Flex 3 Builder installer.
    Any thoughts? I'm dead without the debug info...

    <cfqueryparam> is normally used when you want to sanitize user input (URL or Form scope data etc) that is passed to a database query. In this case the string "IN STOCK" is hard-coded, so why not just use:
    SELECT * FROM SHOP_FINDINGS
    WHERE ROWNUM<=20 AND OPER_NAME = 'IN STOCK'
    Does that SELECT statement work? Also, try specifying the column names in the SELECT, rather than using the * wildcard. The parentheses are not needed in your statement either I don't think. This error normally occurs when you specify a missing column name or wildcard, or if a bracket/comma is missing or doesn't match etc. Re-check the query and write a test template to just issue one query to test it perhaps.

  • [svn:osmf:] 13448: Adding WebPlayerDebugConsole: a tiny AIR application that shows the debugging information generated by WebPlayer instances .

    Revision: 13448
    Revision: 13448
    Author:   [email protected]
    Date:     2010-01-12 08:17:12 -0800 (Tue, 12 Jan 2010)
    Log Message:
    Adding WebPlayerDebugConsole: a tiny AIR application that shows the debugging information generated by WebPlayer instances.
    Added Paths:
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/.actionScriptProperties
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/.flexProperties
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/.project
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/src/
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/src/WebPlayerDebugConsole-app.xml
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/src/WebPlayerDebugConsole.mxml
        osmf/trunk/apps/samples/framework/WebPlayerDebugConsole/testCertificate.p12

  • Want to remove debug information

    Hello everyone,
    I am wondering how to remove debug information (for example, System.out or System.err) automatically when I build/compile a Java project? Does Java compiler or build tool has such options when we build/compile a Java application?
    Thanks in advance,
    George

    The resource you recommended is very helpful. If I
    can not use 3rd party libraries in my application,
    are there any other approaches to remove debug
    information?
    regards,
    GeorgePls be forewarned that this is not perhaps the cleanest way to do it, but it will work.
    //begin with writing our own utility that prints to the console
    package com.mylogger;
    class MyLog
       private final static Printwriter out = new PrintWriter(System.out, true);
       private static boolean shouldPrint;
       static
              //read a property from a config file
              //the property should be set to true for say development
              //and false for say production
              Properties props = new Properties();
              props.load(ClassLoader.getSystemClassLoader ().getResourceAsStream("path to your config file"));
              boolean shouldPrint = Boolean.valueOf(props.get("shouldPrint")).booleanValue();
       public void log(String str)
              if(shouldPrint)
                      out.println(str);
              else
                     //do nothing, no output statements to console
    }hope this helps.
    tx,
    ram.

  • Bought Premiere CC, but no way to download.. No product on apps download page.

    Bought Premiere CC, but no way to download.. No product on apps download page.
    Needed software today, but no one responds to me.
    Download link on confirmed order:
    An email confirmation will be sent to you shortly. Print this page for your records.
    To access your purchased products in the future or to check your order status, visit your My Adobe account.
    Order date: Jun 15, 2013
    Order number: AD008230985
    Status: Processed
      We’re sorry, but a system error occurred. To complete your purchase immediately, please call Adobe Phone Sales at (800) 585-0774 to place your order, or try Adobe.com again later.
    Billing & Shipping
    Billing information:
    Richard Hitchcock
    Shipping information:
    Same
    Order Summary
    US $19.99
    Renews monthly
    (Tax not applicable)
    Creative Cloud single-app membership for Adobe Premiere Pro (one-year)
    Quantity: 1
    Download
    $ 00
    (Tax not applicable)
    Subtotal 
    US $19.99
    Promotion
    US $0.00
    Shipping
    US $0.00
    Tax
    US $1.37
    Total
    US $21.36
    Message was edited by: Rave

    Hi rmhdata2,
    Please refrain from posting personal information on public forum.
    If Premeire Pro is not listed in App Manager in CC for download then your system might be incompatible.
    The App Manager only lists the softwares supported on your system configuration.
    64 bit support is required for Premiere Pro.
    Please check the tech specs at : http://www.adobe.com/products/premiere/tech-specs.html

  • "disable" locks in Apex app

    Hi Apex Gurus,
    I have an apex app running for 4+ years without much problems/attention needed, which catches daily 15000 new recs from multiple users and some update recs by same users.
    But today our DBA showed me a list of at least 15+ locks, which were created by the same user by accident of some key(s) pressed obviously, as quite some locks were created in same seconds. I was asked to "disable" such locks in the app. I don't have an idea how to do it, or even can it be done.
    Can anyone help? Thanks in advance!
    DC

    Are the locked objects in the FLOWS_XXXXXX schema or are they in your parsing schema(s)? Do any of your applications explicitly lock rows? Please ask your DBA to send you the report that is showing these locks so that you can post it in this forum. If you drove your car to a mechanic and told him it was making a funny noise, would you expect him to diagnose the issue based on that information alone? ;)
    Tyler

  • How can i disable debug information from the end user

    By changing debug flag in the url to YES it is possible to view debug information. i want to disable debug information, so that end user could not see debug information. can anyone please tell me the solution.

    Sundhar,
    when you export the application select Debugging:No
    It's one of the available properties together with Build Status, Export Comments, Export Supporting Objects Definitions and so on.
    Bye,
    Flavio
    http://www.oraclequirks.com

  • The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

    got event ID 4015 and source DNS-Server-Service. please suggest how to fix this issue
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Raj

    Hi
     first run "ipconfig /flushdns" and then "ipconfig /registerdns" finally restart dns service and check the situation,also you can check dns logs computer management ->Event viewer->Custom Views->Server roles->DNS.

Maybe you are looking for