Apps To Fusion

You have seen how APEX URL carries parameters when branched from one page to another. Session State Protection can prevent users from tampering URL, but it doesn't help much in not showing parameters in URL. Imagine how it could be a security vulnerability when you pass sensitive information like passwords, ssn etc.

Give me an example?
I created a simple page where you can enter name and ssn. When you hit 'Go' button, APEX navigates you to another page which displays the details you entered in previous page.

For this scenario, I created a page (22) with two textfields P22_NAME, P22_SSN and another page (23) with hidden fields P23_NAME, P23_SSN. Go button on page 22 branches to page 23 by setting parameters and uses 'save state before branching' checkbox. On page 23, HTML region displays HTML text using substitution strings &P23_NAME. , &P23_SSN.

Now the URL doesn't show parameters.

Branching is not the only way for navigation in APEX. How does this apply for others?
Good question. In APEX, you can navigate to pages by setting parameters using column links as well. In column link target field, you can specify page or target URL. Unfortunately Oracle did not provide 'save state' for column links, that means parameters are shown in URL when navigated to other pages using column links.

You can still do a workaround using hidden items and JavaScript, if this feature is a must to go forward with your application. It won't be clean solution, but I'll try to experiment with it.

URL for the page:

This example can be accessed using the url http://apex.oracle.com/pls/otn/f?p=15944:22

Comments (1)

Subscribe to this comment's feed

Write comment

Name

Email

Title

Comment

smaller | bigger

Subscribe via email (Registered users only)

Write the displayed characters

Add Comment