I created this Blog to share my knowledge especially in Oracle Application Express (APEX) and my feelings ...
Tuesday, March 27, 2007
Somebody to get you introduced
I really would like to hire him to begin our Apex Evangelists training days!
When somebody like that introduces us... oh boy, I'm sure you won't forget our trainings ;-)
APEX getting famous
A lot of us blogged about it (my blog-roll intercepted these):
- Apex Evangelists
- Bernhard Fischer-Wasels
- Dietmar Aust
- Dimitri Gielis
- Jean-Philippe Pinte
- John Scott
- Patrick Wolf
Probably a lot more articles will follow!
Thursday, March 22, 2007
Adobe Flex and Oracle
It's not that difficult to get it running. I got a hint from Marc M. about which parameters I should use in the startup of my oc4j, and from that moment it worked really nicely.
You should start the oc4j as:
"%JAVA_HOME%\bin\java" %JVMARGS% -Xmx1024m -Doc4j.jmx.security.proxy.off=true -jar "%OC4J_JAR%" -userThreads %CMDARGS%
What did I use and why? (my configuration):
- Oracle Database 10gR2 - data
- Oracle Application Server 10g (stand-alone - 10.1.3.1) - hosting app and monitoring
- Adobe Flex Data Services - binding with data
- Adobe Flex Builder (with sample apps) - building Flex app
- JDeveloper (10.1.3.1) - deploying app
A screenshot to show you the proof ;-)
Friday, March 16, 2007
APEX 2.2.1 upgraded to 3.0 with success
It took me about 56 minutes to have the upgrade running.
(During the upgrade I received an ORA-00257 = problem with archiver - if you have the same error, look at Note:278308.1 in Metalink to solve it)
The first tests were successful... To get pdf printing working, a bit more is necessary, as BI Publisher or an XSL-FO server is necessary. You find the integration steps here.
The new version of APEX 3 on my local machine, exact version Application Express 3.0.0.00.20
The screen after installing APEX 3.0
Thanks APEX-Dev team! This new version is great!
APEX 3.0 out! Get it now!
Also, the APEX OTN page is restyled!
Wednesday, March 14, 2007
Apex Evangelists goes live!
Today John Scott and I are launching Apex Evangelists. We formed the idea for an Application Express services company during one of our many discussions at Oracle Openworld, and over the last few months we have honed our idea of what we are going to provide.
The idea behind Apex Evangelists is that we will use our knowledge and experience of Application Express to provide a range of services, some of which are listed here -
- Application & Website Development (plus of course hosting)
- Training & Coaching (onsite and in our European Training Days)
- Application and Database Migrations
- Support Services
Our primary goal is to be able to provide these services to the European market and to generally evangelise (hence the name!) about how beneficial using APEX can be to European companies. We also decided that in order to take on bigger projects than just two of us could handle and to also cover more of the European market we would also need to involve other great enthusiastic APEX developers, so we're pleased to announce that Dietmar Aust, Patrick Wolf, Denes Kubicek will be helping us in our quest.
These are very exciting times and I'm sure that there are busy times ahead!
APEX 3.0 public (online)
I'm sure the downloadable version will be available soon!
Saturday, March 10, 2007
The history (I know) of APEX
A short overview of how I got in touch with APEX (aka HTMLDB aka Project Marvel).
In 2000 (I was working at Oracle) I saw a demo of an application made in WEB DB. I didn't play that much with WEB DB, but some of my (ex-)Oracle colleagues really loved it. Nevertheless in some projects around that time I used mod_plsql...
A few years later I saw a PowerPoint presentation of "Project Marvel". From the beginning I thought, "waaaw" this looks very good and promising. I think it was around February 2003 that I got more information about this project. I even found a screenshot in my archives from that time.
In September 2003 I first heard the name HTML DB. That was the first time I really played with it, I think it was v1.3. I still have a zip of version 1.4 ;-)
I think my first message about APEX (HTMLDB) in the OTN forum was on Oct 1, 2003 2:06 AM. Apparently at that time I was working with v1.4: http://forums.oracle.com/forums/thread.jspa?messageID=554340
Raj, at that time one of the HTMLDB developers, answered me!
The rest you know, as it was public: HTML DB v1.5 -> v1.6 -> v2 -> APEX.
I also found a pdf describing the history.
To show you the difference, a screenshot of the current APEX version
(but that you know, I suppose)
Friday, March 09, 2007
Document management in ApEx
But come on! That's changed already for a long time. ApEx is a real development framework! The community already released a lot of applications and sample code. A lot of the people in the ApEx community are sharing their knowledge and experience...
Still not convinced? Have a look at the below application... It's a free application that you can download on the OTN site. The roll-over menu when you click on readme.txt is very nice, as is all the rest in there. This is just one example of what ApEx can do.
You can login as dg_docm/dg_docm (username/password)
Tuesday, March 06, 2007
Getting to know yourself
Not sure if this is "well-known" in the world of IT and Consulting.
Saturday, March 03, 2007
SQL injection? No, Cursor injection
It shows once more that writing proper code is important, as is getting your database to the right patch level.
--
Off topic: Carl Backstrom blogged about a music clip called "Code Monkey" here. You should see it, it's fantastic!
--
Friday, March 02, 2007
Doing a whitepaper? Begin early enough!
This night I was not alone! My friend John Scott was also working on his presentation ;-) When you know you're not alone doing these things that need to be done, it's a bit easier. We also triggered each other once in a while. Thanks John for keeping me alive!
It's my first whitepaper for a big event, so I thought I should blog about my experience doing that and also to warn the others not to make the same mistake.
I submitted my extract, that's easy... I had also my presentation in my "head" (I thought), so writing this whitepaper shouldn't take that long. That was a *big* mistake, or should I say a miscalculation. ;-)
I started with the concept of what I wanted to tell: ApEx Shared Components, what can they do? and why and how I used them in DG Tournament. A manual is great, but it doesn't show you that specific thing working in a real environment, so I wanted to cover that area.
Of course I love some screenshots, as an image says more than a thousand words, so I made a lot of them and included them in the whitepaper.
When I was writing things down, I thought: "Will this be interesting enough for the public?", "Will all this fit in a one-hour presentation?" etc.
So, I asked John Scott and Doug Gault to have a look at the very first draft of the paper. They sent me some comments and tips how to improve (thanks guys).
That's something I learned from Tom Kyte, he told once that it's important to have good reviewers.
I realize now I should have asked more people to read my whitepaper or let them reread the current version. Well, next time I'll try to do better and think about what happened this week.
Finally my Tips & Hints when you want to do your first whitepaper:
- Prepare yourself
- Know what you want to write about
- Know what you want to tell to the audience
- Start early
- Let good people review your paper
- Adapt accordingly
- If time becomes an issue: get enough coffee ;-)
This is my advice so far, I wish I had followed all of that myself!
If you have some other tips for me, don't hesitate to leave a comment.
Thursday, March 01, 2007
Session State Protection and URL Tampering in ApEx
For the moment I described it like this in my whitepaper (comments to make it better are welcome):
Session State Protection
Enabling Session State Protection can prevent hackers from tampering with the URLs within your application. URL tampering can adversely affect program logic, session state contents, and information privacy.
In DG Tournament
Why?
For security reasons! URL Tampering - Web-based applications, including those developed in Oracle Application Express, often pass values from one page to another through a URL. A clever enough user may observe this and override a value by typing his own value in the location field of his browser. For example in DG Tournament, when logged in as Admin, I can see a list of all users. When I click on a user for his details I see the same screen as a normal user would see in the “Your Profile” page. The URL that’s doing that call looks like this:
f?p=103:10:240848379705417::NO::P10_USER_ID:70
My application is 103, the page is 10 and the session id is 240848379705417 (my session has a unique number). At the end you see P10_USER_ID:70, which means that my record (Dimitri Gielis) is user_id 70. By putting this in the URL, the session knows about this value.
When “Session State Protection” is disabled you can easily see another user by changing the url to
f?p=103:10:240848379705417::NO::P10_USER_ID:71
This will give me the record (user) with user_id 71: without passing through the application, I can obtain other information.
When “Session State Protection” is enabled you get a message like on the above screenshot, which tells you that the session state protection is violated.
How?
- At the moment the Session State Protection is disabled.
- To enable, disable, or configure Session State Protection using a wizard, click Set Protection.
- Click the Enable Session State Protection button
- We can see that the Session State Protection is now Enabled
- By clicking on the Page button you get the following screen
- Select the page you want to protect, in DG Tournament for ex. User Detail, and change the Page Access Protection. You can also go down to Item level to set the protections.
- That will add a checksum to the end of the URL. An example of the previous URL, but protected:
f?p=103:10:240848379705417::NO::P10_USER_ID:70&cs=3831E8EB498FF406064BE08337E72A9DF
When you try to change the user_id from 70 to 71 you get a message that the session state protection is violated.
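The idea behind the cs checksum, as an added illustration that is not part of the original whitepaper and is not APEX's actual algorithm: the server computes a keyed hash over the page and item values when it renders the link, and rejects any request whose checksum no longer matches. HMAC-SHA256, the session key and all function names here are assumptions.

```python
import hashlib
import hmac

# Constructed per-session secret (assumption): generated server-side,
# never sent to the browser.
SESSION_KEY = b"constructed-demo-session-key"


def parse_fp(url):
    """Split app:page:session:request:debug:clearcache:names:values[&cs=...]."""
    query = url.split("f?p=", 1)[1]
    body, _, cs = query.partition("&cs=")
    parts = body.split(":")
    parts += [""] * (8 - len(parts))  # pad missing trailing fields
    app, page, session, _req, _debug, _clear, names, values = parts[:8]
    items = dict(zip(names.split(","), values.split(","))) if names else {}
    return {"app": app, "page": page, "session": session,
            "items": items, "cs": cs or None}


def checksum(parsed, key=SESSION_KEY):
    """Keyed hash over everything the user must not be able to change."""
    fields = [parsed["app"], parsed["page"], parsed["session"]]
    fields += [f"{k}={v}" for k, v in sorted(parsed["items"].items())]
    msg = "|".join(fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().upper()


def protect(url):
    """Server side, when rendering a link: append the checksum."""
    return f"{url}&cs={checksum(parse_fp(url))}"


def verify(url):
    """Server side, on request: reject a missing or mismatching checksum."""
    parsed = parse_fp(url)
    if parsed["cs"] is None:
        return False
    return hmac.compare_digest(checksum(parsed).encode(), parsed["cs"].encode())


if __name__ == "__main__":
    link = protect("f?p=103:10:240848379705417::NO::P10_USER_ID:70")
    print(verify(link))                                      # unmodified link
    print(verify(link.replace("USER_ID:70", "USER_ID:71")))  # edited value
    print(verify("f?p=103:10:240848379705417::NO::P10_USER_ID:71"))  # no cs
```

A checksum only proves the link was generated by the application; the page that shows the user record should still check that the logged-in user is allowed to see it.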