Apps To Fusion

.......Our Journey from Apps To Fusion

 
  • Increase font size
  • Default font size
  • Decrease font size
We have launched several Development, Functional and DBA Trainings. Visiti http://focusthread.com/training

Save State before branching - New Security feature in APEX 3.2

Thursday, 14 May 2009 17:53 Kishore Ryali
 E-mail | Print | PDF 

You have seen how APEX URL carries parameters when branched from one page to another. Session State Protection can prevent users from tampering URL, but it doesn't help much in not showing parameters in URL. Imagine how it could be a security vulnerability when you pass sensitive information like passwords, ssn etc.


Starting with release 3.2, you can use feature called 'Save State before branching' to hide parameters on the URL. This is one of the most useful security enhancements in APEX 3.2.

How to use Save State before branching?
In branch editor, you can set checkbox Save State before branching as shown in screenshot.

 

Give me an example?
I created a simple page where you can enter name and ssn. When you hit 'Go' button, APEX navigates you to another page which displays the details you entered in previous page.

For this scenario, I created a page (22) with two textfields P22_NAME, P22_SSN and another page (23) with hidden fields P23_NAME, P23_SSN. Go button on page 22 branches to page 23 by setting parameters and uses 'save state before branching' checkbox. On page 23, HTML region displays HTML text using substitution strings &P23_NAME. , &P23_SSN.

 

Now the URL doesn't show parameters.

Branching is not the only way for navigation in APEX. How does this apply for others?
Good question. In APEX, you can navigate to pages by setting parameters using column links as well. In column link target field, you can specify page or target URL. Unfortunately Oracle did not provide 'save state' for column links, that means parameters are shown in URL when navigated to other pages using column links.

You can still do a workaround using hidden items and JavaScript, if this feature is a must to go forward with your application. It won't be clean solution, but I'll try to experiment with it.

URL for the page:

This example can be accessed using the url http://apex.oracle.com/pls/otn/f?p=15944:22

 

Comments (3)add
Workaround for the link
written by Hid , October 27, 2009
To make the link save state you can use this simple workaround:
1) In link settings choose URL as target and put this as the URL text: [removed]doSubmit('REQUEST1')
2) Create a branch to any page, check the save state check box, set condition type: "Request = Expression 1" and put this as Expression 1 value: REQUEST1
report abuse
vote down
vote up
Votes: +1
Data not updating in database
written by Adi_apex , March 18, 2010
Hi Kishore,

can u please help me up fiding solution on this

http://forums.oracle.com/forums/thread.jspa?threadID=1045255&tstart=0
report abuse
vote down
vote up
Votes: +1
OK
written by dembis , April 30, 2010
This really help me.But I have a problem with the hypertext link.How to use this in a Column Link.
Thank you
report abuse
vote down
vote up
Votes: +0
Write comment
quote
bold
italicize
underline
strike
url
image
quote
quote
smile
wink
laugh
grin
angry
sad
shocked
cool
tongue
kiss
cry
smaller | bigger

security image
Write the displayed characters


busy