Skip to main content

APEX-GURU

Search This Blog

Safety Tips for SQL Injection in Oracle APEX

Get link
Facebook
X
Pinterest
Email
Other Apps

There are some safety tips to save your APEX Application from SQL Injection
Use bind arguments
Parameterize queries using bind arguments. Not only do bind arguments eliminate the possibility of SQL injection, but they also enhance performance
Avoid Dynamic SQL with concatenated input.

E.g.: EXECUTE IMMEDIATE 'DROP TABLE ' || 'emp_' || loc;

Filter and sanitize input
Number of functions that can be used to sanitize user input and to guard against SQL injection in applications that use dynamic SQL
Reduce Attack Surface
Ensure that all excess DB privileges are revoked and that only routines intended for end-user access are exposed.

Note
Put intelligent field-character limits and data types on input fields.
Don’t disable the ‘escape special characters’ settings in APEX fields.
If you must escape special characters, use the

APEX_ESCAPE.HTML_WHITELIST();

function.

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Post a Comment

Popular Posts

Classic Report Feature ? Oracle APEX

As an APEX developer, thinking about reports, the following picture comes to mind ... the typical, tabular layout of data. But Classic Reports can do more - these are, for sure, one of the most versatile components in Application Express. The reason is that classic reports are template-driven. Developers can create their own report templates and visualize data however wanted. But Application Express also provides a few classic report templates - out of the box. These allow data visualizations, which make it hard to believe that there is an APEX classic report behind this. In this posting, we'll give an overview of the alternative report templates provided with Application Express. A lot of information comes from the Universal Theme Sample Application ( apex.oracle.com/ut ) - there you'll find even more information on the Look & Feel variants of APEX components. Now let's get started with the first alternative classic report template. In Page Designer, naviga...

Add Shortcut in Oracle APEX

Define your shortcut in your Oracle APEX Application page by using this code. Add-in Function and Global Variable Declaration. apex.actions.add({ name: "submit-with-count", shortcut: "Ctrl+F9", action: function() { apex.submit('P17_COUNT'); } });

Powered by Blogger