Today I wrote my 1.000th posting

Today I wrote my 1.000th posting!!! Ok, it wasn't my 1.000th blog posting, but at least I did that many postings on the OTN APEX forum.

But it's really hard to keep up with the other guys. Like Scott (9700), Vikas (5879), John (3184) and the others in the top ten. Joel (1619) and Arie (1602) are currently having a close match, fighting for the 8th place. For me, there is still a long way to go to reach place 10th. Raj currently has 1453 postings... So let's talk again in a year :-)

« ... Read full posting ... »

DZone.com and Password security

I have forgotten my password for my DZone.com account, but lucky me most of this web-sites have a "Forgot password?" link as DZone has. So I clicked the link, entered my username and a second later I got a mail from DZone.

But the content really surprised me. Nowadays you would expect and especially from such big Web 2.0 web sites that password security is one of there top security priorities.

But look at he mail I got:

You or someone on dzone.com has requested a mail containing your password.

Username: xxxx
Password: here_is_my_password_in_clear_text

You can login to dzone.com at:

http://www.dzone.com/login.html

If you did not request this password email, please disregard it.

They are sending you the current password in clear text!!!

So what does that mean? It has to be stored in clear text or in a reversible crypted version on there system too! Have they every heard that you never ever store a password that way?!?! You always store it with a non-reversible crypto algorithm, so that if the data gets stolen or if somebody brakes into there system, he is not able to get the clear text passwords of there users.

Because with that information and the e-mail address, it's most time quite easy to hack a lot of other accounts of that user! Most people don't use different passwords for there different accounts.

I'm really surprised that such a big web-site has such a security flaw...

So you should really consider what password you are using on DZone.com...

« ... Read full posting ... »

Oracle 11g: Native Web Services

Just stumbled across an interesting paragraph in the New Features in Oracle XML DB for Oracle Database 11g Release 1 about Database Native Web Services.

The feature didn't get that much attention yet on the Oracle 11g related blog postings, but according to the description it's a real nice improvement compared to the 10g solution.

So what is it all about?

It allows you to publish your PL/SQL packages/procedures/functions as a web service with zero coding and zero deployment effort!

Maybe you have already heard of the SOA (service-orientated architecture) hype and probably your manager or the Java guys have already asked you how you want to participate with your old legacy PLSQL/Oracle APEX code in the "new and everything is now better" world of SOA and BPEL. This native integration of web services into the database is the answer. Probably you even have to do less work then the Java guys to expose your business service... ;-)

Another goody is that you don't need the additional application server infrastructure anymore as you had to have it with the existing JDeveloper solution which generated a Java wrapper for your PL/SQL package. That's especially useful in an Oracle APEX environment where you don't need an application server anymore. Another moving piece is gone...

Really looking forward to try out Oracle 11g myself.

See also my related posting Oracle 11g more infos.

Update: Check out Paul Gallagher's blog posting First Tests of 11g Native Web Services for more information about this feature.

« ... Read full posting ... »

Oracle 11g some more infos

Just noticed that Oracle has put some more information about Oracle 11g onto OTN.

There are a lot of whitepapers available on OTN. For example the Oracle Database 11g New Features Overview which even mentions Oracle APEX! Ok, they mention it on the last page, but at least! :-)

Another interesting read is Oracle Database 11g Application Development which gives an interesting overview of the new PL/SQL enhancements in Oracle 11g like

• PL/SQL native compilation: it's now much easier, no extra C compiler and no linking, ...
• SQL Query Result Cache: sounds very promising to speed up some lookup SQL statements for configuration data
• PL/SQL Function Result Cache: like SQL Query Result Cache, I think sometimes really useful if you have functions which are based on tables which do not change very often
• Fine Grained Dependency Tracking: that's also a nice one. It helps to speed up your application deployment, because it keeps better track of the dependencies between database objects and PL/SQL packages to avoids unnecessary invalidation of packages
• PL/SQL Scope: read that for the first time, but that could be interesting to build some nice QA reports of your PL/SQL code. Hope to get more information about that soon.
• PL/SQL Profiler enhancements: to get even more statistics about your executed PL/SQL code.

Can't wait to get a grab on some more detail documentation about this features and the new built-in packages in Oracle 11g. BTW, this document gives again a quick introduction into Oracle APEX. This time on page 6 :-)

Arup Nanda does a series about "Oracle Database 11g: Top New Features for DBAs and Developers" which you should also check out.

Update:

Watch the Oracle launch video.

« ... Read full posting ... »

Think.com received an award from the Prince of Wales!

Just read on Rob Smyth's Blog that Oracle's Think.com platform won the Merrill Lynch "Investing in Young People" award!

But what does this have to do with Oracle APEX?

A lot!! Because Think.com is developed with Oracle APEX!!! And according to Rob it serves 7,393 schools and 643,003 pupils!

So congratulation to the team which developed and runs Think.com, because it's a good example that Oracle APEX can not just be used for small department level applications!

« ... Read full posting ... »

Enable "Add picture" for the HTML editor

The new HTML editor widget which was introduced in Oracle APEX 3.0 is a big enhancement compared to the old one in APEX 2.x and it works with all browsers.

The HTML editor is based on the open source editor FCKeditor. A few features have been removed, because they would require some server side code. One of them is to include images into the entered text.

But Carsten Czarski from the German APEX Community comes to our rescue!

The last edition contained a very interesting tip which shows how to re-enable the "Add picture" feature for the FCKeditor.

The article is only available in german, but with the help of Google Translation you should get enough information to follow the step by step instruction.

• Original German version
• Translated English version

For the translated version you have to scroll to the right to see the images. I don't know why Google Translate is doing that.

BTW, if you haven't subscribed yet to the biweekly editions of the German APEX Community, you should do now!

« ... Read full posting ... »

How to run Javascript code for a PPR Report?

Maybe you have already used a PPR (Partial Page Rendering) report, by setting the "Report Template" property to "template: 7. Standard (PPR)".

That's quite a nice feature, because not the hole page is rendered when you are paginating through the report, just the report itself is refreshed with an AJAX call. But what happens if you want to run some Javascript code after the report content has been refreshed? For example to hide the "Select All" checkbox of the row selector.

If you put the code into the onload event or in the footer of the page, it will fire the first time when the page is rendered, but not when just the report content is refreshed with the AJAX call.

It also doesn't help to put the code into the header or footer region of the report, because that part isn't refreshed by the partial page rendering, just the content.

If you have read one of my previous posting about Auto Refresh Flash Charts, then you probably already know how it can work.

APEX has a Javascript function called init_htmlPPRReport which is called when the PPR report content is displayed and that gives us the opportunity to plug in our code into that function so that it is also executed.

Put the following example code into the "Region Header" of your report

<script type="text/javascript">
var vOriginal_init_htmlPPRReport = init_htmlPPRReport;

init_htmlPPRReport = function(pId)
{
  alert("init_htmlPPRReport called");
  vOriginal_init_htmlPPRReport(pId);
};
</script>

to be called each time the report content is displayed. I have also created a working example where you can try it out.

« ... Read full posting ... »