1 Reply Latest reply: Jun 29, 2014 8:17 PM by GhanaApexDeveloper RSS

    Security issue with wwv_flow.show and wwv_flow.accept using Apex authentication

    450214

      Hi,

       

      We are using oracle apex version 4.2.0.00.27 version, with apex_listener 2.0.5.287.04.27 version running on web logic server.

      We DO NOT have SQL developer configured to do the APEX Listener Administration.

       

      The issue what we see is , when user enters the url for eg:

       

      https://test.testing/pls/apex/wwv_flow.show

       

      There is an oracle error returned like below.

       

      ErrorError processing request.
      ORA-01403: no data found
      OK

       

      This may reflect like a Security issue like a Anonymous user trying to intrude/ communicate with the DB.

       

      Is there any way to prevent the request being send to the Oracle database ??

       

       

      Thanks

      MK