You have upgraded to Oracle APEX 3.2 and are getting kicked out of your Oracle APEX Builder each time you are going back to your browser window after you have worked on something else for some time? For the last few days I had this problem quite often and it annoyed me a little bit. Being sure that this behavior is configurable, I asked Anthony Rayner during a chat where I can change that. Continue reading
Category Archives: Security
Two new Oracle APEX whitepapers
Ok, they are not brand new anymore, they have already been released last month. But in case you are not reading David Peake’s blog or checking regularly the Oracle APEX website on OTN, the APEX team has published the following two new whitepapers:
- NTLM Authentication (a PL/SQL only solution) and
- Oracle APEX with RAC (Real Application Cluster)
Check them out!
Using Windows Login Credentials for Single Sign On (NTLM authentication)
Most users are lacy and don’t want to enter login credentials each time they start up an Oracle APEX application. They tell you,
“Hey I have already logged in into my computer, can’t you use that information for the APEX application?”.
Sure we can! The NTLM protocol is one way to do that.
Instructions on how to integrate mod_ntlm have been around for quite some time. See the article on HTMLDB Studio and a more up-to-date version by Martin Köb of GreenIT. But that always involves installing mod_ntlm on your Apache.
Jason Straub, a member of the Oracle APEX development team did some digging and found a PL/SQL only solution which doesn’t require mod_ntlm. Have a look at his first blog posting called “NTLM HTTP Authentication and Application Express” and welcome him as new member of the Oracle APEX blogging community!
Jason, welcome and keep blogging such great articles!
Warning: DBMS_LDAP.simple_bind_s/ APEX_LDAP.authenticate and NULL password
Just came across a very strange behavior of the DBMS_LDAP.simple_bind_s and APEX_LDAP.authenticate procedure which I used to do a basic LDAP authentication against our MS Active Directory server.
I used the following simple test code
Continue reading
Adding a CAPTCHA to your Oracle APEX application
Haven’t had the requirement to add one in my applications until now, but after reading Dan’s posting about integrating reCAPTCHA with Oracle SSO, I thought that shouldn’t be to hard to integrate into an Oracle Application Express (APEX) application too! A nice challenge for the evening 
Update on 08-Nov-2011: This is now also available as an easy to use item type plug-in for Oracle APEX 4.0. Have a look at the Google reCaptcha plug-in at http://apex.oracle.com/plugins.
I know that there are some similar solutions out there on the OTN forum and on the unOfficial Wiki page, but the SVG solution isn’t very secure in my opinion and the other solution uses an unsupported non-public package of Oracle APEX. So how can we integrate the reCAPTCHA widget instead?
Oracle APEX related articles you should read
Lately a few Oracle APEX related articles have been published which you should read.
- John Scott posted a whitepaper about “APEX – Delivering Pages in 3 Seconds or Less” which he held on Colab 07 in Las Vegas.
- Dimitri Gielis also posted the whitepaper of his presentation about “APEX by Example: Shared Components“.
- The security section of the unOfficial APEX Wiki has been updated with a lot of additional information.
Using Google Account for APEX authentication
Read a very interesting posting on Przemek Piotrowski blog about using the Google Account credentials for an APEX application login.
The method described uses the Google Account Client Login API for verifying the user.
More details at Application Express user authentication using Google Account.
I think that’s a good example of the flexibility of APEX to adapt to the different needs of an application.