
Oracle Application Express 3.2 by Matthew Lyon, Arie Geller


Session state protection

Earlier in this book we looked at how buttons and branches can populate page items and application items via the APEX URL. We often use this technique to pass unique identifiers or other items in the URL to customize the page we are calling. An example of this is when we have a search page that calls an update page; we want the update page to display the record selected in the search page. As these items are passed in the URL, it could be possible for a user to tamper with the URL and add, remove, or modify items and their values.

To demonstrate URL tampering, let's assume we have an edit employee screen that accepts an employee number parameter to determine which employee record to edit. The following URL will display ...
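The idea behind protecting items passed in the URL, as an added Python example (not code from the book and not APEX's own implementation): the server appends a keyed checksum covering the item names and values, and rejects any request whose checksum no longer matches. HMAC-SHA256 stands in for APEX's checksum algorithm, and the application, page and session numbers, the `P2_EMPNO` item and the secret are constructed values.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed secret for the demo; it must never leave the server.
SECRET = b"constructed-demo-secret"


def _checksum(fp_value: str) -> str:
    """Keyed checksum over the whole f?p argument (HMAC-SHA256 stand-in)."""
    return hmac.new(SECRET, fp_value.encode(), hashlib.sha256).hexdigest()


def build_url(app: int, page: int, session: int, items: dict) -> str:
    """Emit a link whose item names and values are covered by the cs checksum."""
    names = ",".join(items)
    values = ",".join(str(v) for v in items.values())
    # Positions: App:Page:Session:Request:Debug:ClearCache:itemNames:itemValues
    fp = f"{app}:{page}:{session}::NO::{names}:{values}"
    return f"f?p={fp}&cs={_checksum(fp)}"


def accept_url(url: str) -> dict:
    """Return the passed items only if the checksum still matches the URL."""
    query = parse_qs(url.partition("?")[2], keep_blank_values=True)
    fp = query.get("p", [""])[0]
    cs = query.get("cs", [""])[0]
    # Constant-time comparison; a missing or altered checksum is rejected.
    if not hmac.compare_digest(cs.encode(), _checksum(fp).encode()):
        raise PermissionError("checksum mismatch: URL items were modified")
    parts = fp.split(":")
    if len(parts) < 8:
        raise ValueError("f?p argument carries no item names and values")
    # Demo limitation: values containing ',' or ':' are not handled.
    return dict(zip(parts[6].split(","), parts[7].split(",")))


if __name__ == "__main__":
    link = build_url(100, 2, 123, {"P2_EMPNO": 7369})
    print(accept_url(link))                      # untouched link is accepted
    try:
        accept_url(link.replace(":7369&", ":7839&"))
    except PermissionError as exc:
        print("rejected:", exc)                  # edited employee number
```

A checksum only proves the link was generated by the server; the update page should still verify that the current user is allowed to edit the selected record.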
