Comments on Martin Giffy D'Souza on Oracle APEX: Session State Protection in Detail

Martin D'Souza (2013-07-04T18:51:54.859-06:00):
apex_util.prepare_url http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35127/apex_util.htm#CDEIBCJD

Anonymous (2013-07-04T00:58:44.500-06:00):
Hi,
How exactly will the checksum be generated in Apex?

Martin D'Souza (2013-07-03T09:46:59.521-06:00):
You can reference the page but you may have some issues passing in variables. Of course you can test this out easily, I'm just not sure how the checksum will be generated from another application.

Anonymous (2013-07-03T04:26:12.827-06:00):
Hi Martin,
Is it possible to call an SSP-enabled application page URL from another application? If yes, how to handle it?

Anonymous (2013-06-04T03:51:46.374-06:00):
Thanks Martin.
APEX_UTIL.PREPARE_URL working correctly.

Martin D'Souza (2012-12-02T23:25:34.076-07:00):
No, you cannot generate a proper APEX URL with checksum just using JS. Since the JS code is downloaded to the browser, the salt would be exposed to the client and therefore they could create their own (valid) checksums.

The way to create the URLs would still be to use the APEX_UTIL.PREPARE_URL function before/while the page is loading.

You could create a dynamic action that would return a valid URL using the function above, but you'd be exposing your AJAX call to the client and they could enter malicious data and get back a valid URL, thus ruining the whole point.

AI (2012-12-02T17:38:08.757-07:00):
Hi Martin,

How can we apply SSP to a pop-up page using JavaScript? Often we have pop-ups to save users going into another page, like below, using JavaScript:

    function newPopUp()
    {
      url = 'f?p=&APP_ID.:50:&APP_SESSION.::NO:RP,50:P50_USER_ID:&P21_USER_ID.';
      w = open(url,"winLov3","position=center, top=1,left=0,Scrollbars=0,resizable=0,width=605,height=500");
      if (w.opener == null)
        w.opener = self;
      w.focus();
    }

I know there is a PL/SQL function to produce APEX URLs which can include a checksum, but can the same be achieved in JavaScript? Cheers.

Martin D'Souza (2012-11-27T16:33:01.712-07:00):
Offhand, none that I know of. You can try the APEX Collateral page: http://www.oracle.com/technetwork/developer-tools/apex/application-express/apex-collateral-1863614.html

There are some 3rd party tools that you can look at which evaluate your application.
The main ones are ApexSec by Recx and eSert by Enkitec

Troy Clark (2012-11-27T06:00:27.178-07:00):
Is there a whitepaper available that describes APEX security best practices such that if you followed its guidance your application would pass rigorous security checkers, etc.?

Kees Vlek (2012-11-23T10:36:48.444-07:00):
Thanks for the clear explanation on this topic.

Mark Lancaster (2012-11-20T16:13:19.594-07:00):
Hi Martin

Enjoyed your article, it clearly explains the topic.