Databases Reference
In-Depth Information
Figure 8-2.
Tamper Data invoked on an APEX update screen
The user can simply change
SAVE
to
DELETE
and click the OK button. Editing the page's HTML source
and using Tamper Data to change
SAVE
to
DELETE
has the same end result: the row is deleted. This
demonstrates a key point when developing web applications. The server-side processes must handle all
security and logic, even if the client side (browser) is also doing so. An end user has complete freedom to
post any data, imaginable or not, back to the server. Tamper Data often provides an improved user
experience to handle some validations client side, but those validations should be rechecked server side
as well. While there is a perceived connection between rendering (for example, hiding the delete button)
and processing (doing the delete), the server-side processing is ultimately responsible for all validations
and security.
Web Developer has a variety of additional features, but it also allows the user to view and update
content of the page that would otherwise be hidden. Figure 8-3 is a standard APEX-generated screen.
