Skip to Main Content

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Hidden SQL error code in error page source-URGENT !

FunkyNov 22 2006 — edited Nov 27 2006

On error page there is:

<t r><t d><*a href="javascript:window.history.go(-1)">OK</ a></t d>
<t d><b r /></t d></t r></ table>
<!--Application:"100" Page:"8" User:"9999999999998" -->
<!--request: "AJDE_ERROR"-->

<!--command:insert into xe_lobs (id) values(7);-->
<!--lastQuery (1st 1000 chars):begin insert into xe_lobs (id) values(7);
 end;-->
						</ TD>

This code is shown in ordinary user source code of the page (no admin or developer or debug session!).
I have set (in Application Definition "Logging" and "Debugging") all to "no"...but still this code is shown on error page.

I think this is not OK to show real SQL code to ordinary user.

How to prevent this, please this is really urgent for us and we do not see the solution!

Comments

i've logged a bug, thanks for your test case!

1 - 1
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Dec 25 2006
Added on Nov 22 2006
15 comments
1,265 views