Greetings.
Currently on Application Express 4.1.1.00.23
We have a download procedure that is in a lot of our applications. The procedure is used to download attachments, images, etc. from internal tables. The procedure is called from a page, a report column, and a URL, depending on the application. The syntax we use to call the procedure via a URL is shown below. The problem is that the syntax below is not secure. Anyone can call the procedure, even without being authenticated. Is there a way to make the URL procedure call more secure? By secure, I mean only allow the procedure to run if the user is authenticated. Is there a way to include the Session ID in the URL below and have it still work and be secure?
Thanks, Tony
http://server.xxx.com:7000/apex/schema.download_image?p_id=2088