Application data
In Oracle Application Express, a report can be downloaded in different
formats. In a classic report, you can define a column restriction such as
"Not allowed to include in Export". Unfortunately, this column restriction is not available
in Interactive reports, so you need to write your own customized code
to create this kind of column restriction. An alternative is to write your own
customized PL/SQL code to download reports to XML. This technique is explained very well
in the following blog post:
http://spendolini.blogspot.co.uk/2006/04/custom-export-to-csv.html
A custom export routine prevents any authenticated user from downloading all of the data.
In this way, you can restrict downloading of data to certain groups of users.
The following screenshot shows the column restriction attribute in a classic report:
Fake input
When you use HTML controls, such as select lists, checkboxes, or radio buttons, you
might think that you don't need to validate the input from these since the values are
constrained. However, you cannot count on this. A select list can easily be converted
to a normal text input field. In Firebug or the Web Developer add-on, there is a menu
option that converts all select lists on the current page to text fields. So
take care and validate all input. Use a database trigger, a foreign key constraint, or a
check constraint to restrict the values entered by the user.
A classic example of fake input via the Firebug add-on is changing a value that is
selected in a list of values to another value. Fake input via Firebug can be avoided by
creating extra validations within the database.
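The three database-side validations named above, shown as an added example that is not part of the original text. The `order_status` and `orders` tables, their columns, and the constraint and trigger names are assumptions constructed for illustration.

```sql
-- Constructed schema for illustration; all object names are assumptions.
CREATE TABLE order_status (
  status_code VARCHAR2(10) PRIMARY KEY,
  description VARCHAR2(50) NOT NULL
);
INSERT INTO order_status VALUES ('NEW',     'New order');
INSERT INTO order_status VALUES ('SHIPPED', 'Shipped');
INSERT INTO order_status VALUES ('CLOSED',  'Closed');

CREATE TABLE orders (
  order_id    NUMBER PRIMARY KEY,
  status_code VARCHAR2(10) NOT NULL,
  priority    VARCHAR2(1)  NOT NULL,
  -- Select list backed by a lookup table: enforce it with a foreign key.
  CONSTRAINT orders_status_fk FOREIGN KEY (status_code)
    REFERENCES order_status (status_code),
  -- Radio group with a fixed set of values: enforce it with a check constraint.
  CONSTRAINT orders_priority_ck CHECK (priority IN ('L', 'M', 'H'))
);

-- A rule that depends on the previous value needs a trigger.
CREATE OR REPLACE TRIGGER orders_status_bru
  BEFORE UPDATE OF status_code ON orders
  FOR EACH ROW
BEGIN
  IF :OLD.status_code = 'CLOSED' AND :NEW.status_code <> 'CLOSED' THEN
    RAISE_APPLICATION_ERROR(-20001, 'A closed order cannot be reopened.');
  END IF;
END;
/

-- Values the page controls actually offer: accepted.
INSERT INTO orders (order_id, status_code, priority) VALUES (1, 'NEW', 'M');

-- Select list converted to a text field, value not in the list:
-- rejected with ORA-02291 (integrity constraint violated - parent key not found).
INSERT INTO orders (order_id, status_code, priority) VALUES (2, 'REFUNDED', 'M');

-- Radio button value altered in the browser:
-- rejected with ORA-02290 (check constraint violated).
INSERT INTO orders (order_id, status_code, priority) VALUES (3, 'NEW', 'X');

-- A valid list value submitted for a row where it is not allowed:
-- the first update succeeds, the second is rejected with ORA-20001.
UPDATE orders SET status_code = 'CLOSED' WHERE order_id = 1;
UPDATE orders SET status_code = 'NEW'    WHERE order_id = 1;
```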
 