Securing File Uploads

Oracle Application Express enables you to easily build an application that can be used to upload files and to access uploaded files. These files are uploaded into a common file storage table. Although the database view APEX_APPLICATION_FILES shows those files associated with your database account (or workspace), programmatic access to the common file storage table does not always require authentication, enabling other users to see your uploaded files. For this reason, Oracle recommends that developers either use the methods described in "About BLOB Support in Forms and Reports" or use the methods described in Oracle Application Express How To Documents for file upload on OTN at:

http://www.oracle.com/technetwork/developer-tools/apex/overview/index.html

Either of these methods results in the uploaded files being stored in schema tables and not the public table.
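The following sketch shows the second approach: copying an upload out of common storage into a schema table and deleting the original. It is an added example, not code from Oracle's documentation; the table `app_documents`, the sequence `app_documents_seq`, and the File Browse item `P1_FILE` are hypothetical names.

```sql
-- Run once in the application's parsing schema (hypothetical names).
CREATE SEQUENCE app_documents_seq;

CREATE TABLE app_documents (
  id           NUMBER         PRIMARY KEY,
  filename     VARCHAR2(400)  NOT NULL,
  mime_type    VARCHAR2(255),
  doc_size     NUMBER,
  uploaded_by  VARCHAR2(255)  NOT NULL,
  uploaded_on  DATE           DEFAULT SYSDATE NOT NULL,
  content      BLOB
);

-- Page process body, run on submit after validations.
-- Assumption: after submit, :P1_FILE holds the NAME key of the row
-- that the File Browse item created in the common file storage table.
DECLARE
  l_name apex_application_files.name%TYPE := :P1_FILE;
BEGIN
  IF l_name IS NULL THEN
    RETURN;  -- no file was selected
  END IF;

  -- Copy the upload into the schema table, recording who uploaded it.
  INSERT INTO app_documents
    (id, filename, mime_type, doc_size, uploaded_by, content)
  SELECT app_documents_seq.NEXTVAL, f.filename, f.mime_type,
         f.doc_size, :APP_USER, f.blob_content
    FROM apex_application_files f
   WHERE f.name = l_name;

  IF SQL%ROWCOUNT <> 1 THEN
    raise_application_error(-20001, 'Upload not found in common storage.');
  END IF;

  -- Remove the copy left in the common table so it is no longer
  -- reachable without going through the application.
  DELETE FROM apex_application_files WHERE name = l_name;

  :P1_FILE := NULL;
END;
```

Downloads are then served from `app_documents` through a page that enforces the application's authentication and authorization, rather than from the common table.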

See Also:

"Differences Between Page Items and Application Items" and "About Item Types" to learn more about creating a File Browse page-level item