Databases Reference
In-Depth Information
Even though session state protection helps to prevent URL tampering, there really
should be other security measures on the pages, or even better in the database to
prevent unauthorized access. On the page, you can prevent access to the whole page
or objects on the page using authorization schemes. The best approach is making
use of database triggers, instead of triggers, check constraints or Virtual Private
Database. (VPD)This to prevent unwanted access.
Browser security attributes
Oracle Application Express 4.1 added two new Browser Security attributes:
Cache
and
Embed in Frames
. These attributes can be found by navigating to
Shared
Components | Security Attributes | Browser Security (region)
.
The following screenshot shows the
Browser Security
attributes region in the
shared components:
Cache
Oracle Application Express 4.1 and higher contain two browser security attributes.
The attributes are named
Cache
and
Embed in Frames
.
This feature requires browsers that support the HTTP
header response variable
cache-control
.
Embed in Frames
Embed in Frames means that the browser is allowed to display application pages
within a frame.
Valid values are as follows:
•
Deny
: The page cannot be displayed in a frame
•
Allow from same origin
: The page can only be displayed in a frame as the
same origin or the page itself
•
Allow
: The page can be displayed in any frame
