1 Reply Latest reply on Jun 15, 2019 2:20 PM by Carsten Czarski-Oracle

    APEX Resource Files Security ???

    jerome.c.pangilinan

      Hi All,

       

      Is there a way to block access to Oracle Application Express resource files (js,css, etc.) without a valid session?

       

      files like these:

      /i/18.1.0.00.45/themes/theme_42/1.1/js/modernizr-custom.js?v=18.1.0.00.45

      /i/18.1.0.00.45/libraries/font-apex/2.0/css/font-apex.min.css?v=18.1.0.00.45

       

       

      Details:

      Product Build18.1.0.00.45
      Oracle Database 12c EE High Perf Release 12.2.0.1.0 - 64bit Production
        • 1. Re: APEX Resource Files Security ???
          Carsten Czarski-Oracle

          Hi Jerome,

           

          the /i/ folder contains pure static resources. in Many environments, there are served by the Apache (or other) web server - APEX or the database is not hit at all when such a file is requested.

           

          so, the answer is no - there files are always accessible - like any other static file on a web server.

           

          What is the reason for this requirement...?

           

           

          best regards

           

          Carsten