Skip to main content

Posts

Showing posts from November, 2016

Application authorization scheme

When building an application in Oracle Application Express, we can restrict access to pages, regions, buttons, items,... by using Authorization Schemes. In this blog post I will focus on applying scheme to ( all ) pages. For example, I can create a simple scheme, which will just check if I am a valid user: After that, I can go to a page in my application and I can apply this scheme: If I log into the application with user that is not ALJAZ and I go to the page with this scheme, I will see following message: In general, if we want that our application is secure, then we should apply authorization scheme to all pages. Normally our application starts with just a few pages, but in time it will just grow. And sometimes, it can happen that we forget to add authorization scheme to newly created pages. By doing that, every user that can log in in the application has access to this pages. But at least users must still login to access this pages, right? What about if we are