The following screenshot shows the last step of applying the authorization schema to
the application:
Database schema
All SQL and PL/SQL commands issued by this application will be performed with
the rights and privileges of the database schema defined. The domain of the available
schemas is defined per workspace.
URL tampering
For URL tampering, no extra programming code is necessary, there are no special
circumstances, and anyone can learn how to do it. URL tampering can adversely
affect the program logic, session state contents, and information privacy. A lot of
developers are unaware of URL tampering, and the results can be disastrous.
Session state protection against URL tampering
You always need to protect the application against people who deliberately want to
do harm. A classic example in an Oracle Application Express application is a form
that is linked to a report. A record is selected from the report and is presented in a
corresponding form, so the values passed from one page to another through the URL
need to be protected. If session state protection is not on, anyone can change the ID
in the URL (URL tampering), even in an automated way, and data from another record
will be displayed. This exposes the information from another record without that
record being selected through the application.
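
The report-to-form link described above can be protected by appending a checksum that only the server can compute, which is the idea behind the checksum Application Express adds to links when session state protection is on. The following is an added example, not code from the book or from Oracle: the HMAC-SHA256 construction, the function names and the sample values (application 100, page 2, item P2_ID) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed per-session secret; it stays on the server and never appears in a URL.
SESSION_KEY = secrets.token_bytes(32)


def _checksum(fp_value: str, key: bytes) -> bytes:
    """HMAC-SHA256 over the whole f?p argument string (assumed construction)."""
    return hmac.new(key, fp_value.encode("utf-8"), hashlib.sha256).hexdigest().encode()


def protect_url(app, page, session, item_names, item_values, key=SESSION_KEY):
    """Build the report-to-form link in f?p syntax and append its checksum."""
    fp = f"{app}:{page}:{session}::NO::{item_names}:{item_values}"
    return f"f?p={fp}&cs={_checksum(fp, key).decode()}"


def verify_url(url, key=SESSION_KEY):
    """Return {item: value} when the checksum matches, otherwise raise ValueError."""
    query = parse_qs(url.partition("?")[2], keep_blank_values=True)
    fp = query.get("p", [""])[0]
    supplied = query.get("cs", [""])[0].encode("utf-8")
    # Constant-time comparison; a missing checksum fails the same way as a wrong one.
    if not hmac.compare_digest(supplied, _checksum(fp, key)):
        raise ValueError("checksum mismatch: URL modified or not issued by the server")
    fields = fp.split(":")
    return dict(zip(fields[6].split(","), fields[7].split(",")))


if __name__ == "__main__":
    link = protect_url(100, 2, 123456, "P2_ID", "7369")  # constructed sample record ID
    print("issued :", link, "->", verify_url(link))
    tampered = link.replace(":7369&", ":7499&")  # ID changed in the address bar
    try:
        verify_url(tampered)
    except ValueError as exc:
        print("refused:", exc)
```

Because the checksum covers the full argument string, changing the page number or item name is refused in the same way as changing the record ID.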
 