From APEX 5.0 SOD: Application Builder Security – Allow different authentication schemes to be used to control developer access to the Application Builder.
Can someone from Oracle, please provide more detail on this line. IE: will it be possible to export and import applications to provide protection on the APEX code?
The desired goal is to either completely hide or encrypt (similar to pl/sql wrap functionality) the APEX code.
The application builder administrator, at the import site (the customer), should not be able to over-ride or reverse the protection implemented by the designer/developer.
It should also not be capable to discern the code from either APEX or SQL query.
It would also be necessary to allow existing 4.2 APEX applications to be upgraded to take advantage of the application protection features. IE: it would not be limited to newly created applications.
The statement "Allow different authentication schemes to be used to control developer access to the Application Builder" refers to a goal of flexible authentication for the Application Express development environment. It has nothing to do with obfuscating PL/SQL code of an APEX application.
Right now, there are no plans for Application Express 5.0 to obfuscate the PL/SQL code embedded in an APEX application. At best, what could be done is to "wrap" it, which is not encryption whatsoever. It is obfuscation and it can be unobfuscated.
excerpt below from 4.2 statement of direction (Last Updated: April 18, 2012); note Application Development line:
## begin excerpt ##
Oracle Application Express 4.2
Oracle Application Express 4.2 will focus on enhancement to existing functionality and additional capabilities to support applications running on mobile devices. Application Express 4.2 is planned to incorporate the following:
Mobile Applications – Enhanced themes and HTML templates to enable developers to declaratively create mobile applications and/or mobile pages.
Charts - Incorporate HTML 5 charting capabilities.
Web Services – Provide declarative specification of RESTful Web services mapped to SQL and PL/SQL.
Application Deployment – Provide enhanced capabilities for packaging and distributing APEX applications to improve protection of intellectual property rights and ease customization.
Numerous functional and performance improvements.
## end exceprt ##
Apologies, i realize the thread is closed; however, if you happen to catch this last update. Does the below reply earlier indicate that there may be inclusion of LDAP and or other authentication methodologies implemented to verify user access to APEX?
RE: The statement "Allow different authentication schemes to be used to control developer access to the Application Builder" refers to a goal of flexible authentication for the Application Express development environment.