Description:
All of these APEX security exposure vulnerabilities can be avoided by careful configuration, but there are many potential security exposures to consider. There are several areas of potential APEX exposure:
- Search Engine vulnerability – If a search engine indexes an Oracle APEX web site, URLs with exposed data values become public.
- Referrer statistics exposure – If an APEX end-user clicks away from an APEX screen, the referrer URL might send data values to the destination web site.
- Hoover Bots – People can write scripts to replicate APEX transactions, vacuuming out all exposed Oracle data.
- URL Tampering – With improper configuration, end-users can alter their APEX URL and see data outside the scope of the APEX application.
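An Ajax call (Application Process) is used to call the Oracle query of APEX_ITEM.MD5_CHECKSUM.
The JavaScript method Math.random is used to get a random number.
The random number is used to get the attribute value from the select list.
Example:
    // Pick the select-list entry at the random index
    thisObj = objs[rand_no];
    if (thisObj) {
        // The entry's value attribute holds the checksum ID
        checksumId = thisObj.getAttribute('value');
        return checksumId;
    }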
APEX generates the checksum ID only once per day; I have customized this and generate the checksum ID on each page refresh.
Here is the checksum ID screenshot:
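How a checksum that changes on every page refresh defeats URL tampering, shown as an added example (not code from the original post, and not APEX's internal algorithm). It assumes a server-side HMAC-SHA256 over the f?p value with a salt regenerated on each render; the function names, the cs parameter handling and the sample URL are constructed for illustration.

```javascript
// Added illustration; not Oracle APEX's internal checksum algorithm.
const crypto = require('crypto');

// Assumption: a fresh server-side salt is generated on every page render.
function newSalt() {
  return crypto.randomBytes(32);
}

// Keyed checksum over the whole f?p value (item names and values included).
function checksum(salt, fp) {
  return crypto.createHmac('sha256', salt).update(fp, 'utf8').digest('hex');
}

// Append the checksum to the URL as the cs parameter.
function signUrl(salt, fp) {
  return `f?p=${fp}&cs=${checksum(salt, fp)}`;
}

// True only if the URL carries a checksum that matches its f?p value.
function verifyUrl(salt, url) {
  const m = /^f\?p=([^&]*)&cs=([0-9a-f]{64})$/.exec(url);
  if (!m) return false; // checksum missing or malformed
  const expected = Buffer.from(checksum(salt, m[1]), 'hex');
  const supplied = Buffer.from(m[2], 'hex');
  return crypto.timingSafeEqual(expected, supplied); // constant-time compare
}

// Constructed sample: app 100, page 5, session 0, item P5_EMP_ID = 7839.
const SAMPLE_FP = '100:5:0::NO::P5_EMP_ID:7839';

function demo() {
  const salt = newSalt();
  const url = signUrl(salt, SAMPLE_FP);
  const tampered = url.replace('7839', '7840'); // end-user edits the item value
  const stripped = url.replace(/&cs=.*$/, '');  // end-user drops the checksum
  return {
    original: verifyUrl(salt, url),
    tampered: verifyUrl(salt, tampered),
    stripped: verifyUrl(salt, stripped),
    afterRefresh: verifyUrl(newSalt(), url),    // salt rotated by a page refresh
  };
}

console.log(demo());
```

Because the salt never leaves the server, an end-user cannot recompute a valid checksum for an altered item value, and a URL captured from an earlier render stops verifying after the next refresh.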
Summary:
This post explained the steps to follow to dynamically generate the checksum ID to solve the APEX vulnerability problem.