Figure 9-39. Session-state protection settings for page 210
Now run the Tickets report on page 200 in the application. Hover your mouse over the Edit icon, and examine the URL. Notice the &cs= portion of the URL. The &cs= parameter is the checksum that was automatically generated by APEX. Alter the value for P210_TICKET_ID in the URL, or remove &cs= and everything to the right of it, and try to run the page. You receive an error message similar to that shown in Figure 9-40.
Figure 9-40. Checksum error message as a result of URL tampering
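The check behind that error can be modeled in a few lines. The following is an added example, not code from the book and not APEX's actual checksum algorithm: it uses an HMAC-SHA256 keyed checksum as a stand-in to show why both editing P210_TICKET_ID and stripping &cs= are rejected. The /edit path, SESSION_KEY, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed per-session secret (assumption); it never leaves the server.
SESSION_KEY = b"constructed-demo-session-key"


def _mac(params):
    """HMAC-SHA256 over the ordered name/value pairs, excluding cs itself."""
    canonical = urlencode(params).encode()
    return hmac.new(SESSION_KEY, canonical, hashlib.sha256).hexdigest()


def sign_url(path, params):
    """Render a link with the checksum appended as the last parameter."""
    return f"{path}?{urlencode(params)}&cs={_mac(params)}"


def verify_url(url):
    """Return the trusted parameters, or raise if the URL was altered."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    supplied = [v for k, v in pairs if k == "cs"]
    params = [(k, v) for k, v in pairs if k != "cs"]
    if len(supplied) != 1:
        # Covers removing &cs= and everything to the right of it.
        raise ValueError("checksum missing or duplicated")
    expected = _mac(params)
    if not hmac.compare_digest(supplied[0].encode(), expected.encode()):
        # Covers an edited item value: the recomputed checksum no longer matches.
        raise ValueError("checksum mismatch")
    return dict(params)


def demo():
    """Run the untouched link and both tampering cases from the text."""
    good = sign_url("/edit", [("P210_TICKET_ID", "41")])  # constructed sample link
    tampered = good.replace("P210_TICKET_ID=41", "P210_TICKET_ID=42")
    stripped = good.split("&cs=")[0]
    results = {}
    for name, url in (("good", good), ("tampered", tampered), ("stripped", stripped)):
        try:
            results[name] = verify_url(url)
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Because the key stays on the server, a user who changes the item value cannot compute a matching checksum for the new value.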
Summary
In this chapter, you've applied new security to the Help Desk application by utilizing the key features of APEX. You
implemented a new custom authentication scheme to allow control over users who access the sensitive parts of the
application. You also reviewed conditional security with both authenticated and unauthenticated individuals and
added parameters to allow the application to be used by both.