Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

How to securely call a procedure.

cloakedNov 7 2013 — edited Nov 7 2013

Greetings.

Currently on Application Express 4.1.1.00.23

We have a download procedure that is in a lot of our applications.  The procedure is used to download attachments, images, etc. from internal tables. The procedure is called from a page, a report column, and a URL, depending on the application.  The syntax we use to call the procedure via a URL is shown below.  The problem is that the syntax below is not secure.  Anyone can call the procedure, even without being authenticated.  Is there a way to make the URL procedure call more secure?  By secure, I mean only allow the procedure to run if the user is authenticated.  Is there a way to include the Session ID in the URL below and have it still work and be secure?

Thanks, Tony

http://server.xxx.com:7000/apex/schema.download_image?p_id=2088

Comments

Processing
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Dec 5 2013
Added on Nov 7 2013
#apex-discussions
4 comments
296 views