Skip to main content

Posts

Showing posts from 2016

Change image prefix when using ORDS in standalone mode

In Oracle Application Express we can specify instance wide image prefix ( we provide this when installing APEX or later if we run apex/utilities/reset_image_prefix.sql ). Purpose of this blog post in not to explain what image prefix is, but if you would like to know more about it, then I recommend that you read a blog post from Joel Kallman - Image Prefix changes in Oracle Application Express 4.2.2 My blog post is about what we need to do, if we are changing image prefix and at the same time we are using Oracle REST Data Services (ORDS) in standalone mode . If we need to change image prefix, first thing is to run apex/utilities/reset_image_prefix.sql script and here we specify new image prefix - for example /i_test/ After this change when accessing APEX login page we will see this warning: I find this warning very useful. It's telling us that we have to verify that we have copied images directory to right location and also that our new path is /i_test/ . In case w

Application authorization scheme

When building an application in Oracle Application Express, we can restrict access to pages, regions, buttons, items,... by using Authorization Schemes. In this blog post I will focus on applying scheme to ( all ) pages. For example, I can create a simple scheme, which will just check if I am a valid user: After that, I can go to a page in my application and I can apply this scheme: If I log into the application with user that is not ALJAZ and I go to the page with this scheme, I will see following message: In general, if we want that our application is secure, then we should apply authorization scheme to all pages. Normally our application starts with just a few pages, but in time it will just grow. And sometimes, it can happen that we forget to add authorization scheme to newly created pages. By doing that, every user that can log in in the application has access to this pages. But at least users must still login to access this pages, right? What about if we are