20.1.2 Web Server Security Considerations
Review Oracle REST Data Services security considerations.
- About Configuring Oracle REST Data Services with Oracle APEX
Oracle APEX requires access to the web server, Oracle REST Data Services
Parent topic: Understanding Administrator Security Best Practices
20.1.2.1 About Configuring Oracle REST Data Services with Oracle APEX
Oracle APEX requires access to the web server, Oracle REST Data Services
Oracle REST Data Services (formerly known as Oracle APEX Listener) is a J2EE application which communicates with the Oracle Database by mapping browser requests to the APEX engine database over a SQL*Net connection. In a production environment, you deploy Oracle REST Data Services web archive files to a supported Java EE application server, like Oracle Web Logic Server. Each deployment can be configured individually and serves the same purpose as a mod_plsql
Database Access Descriptor, which is to communicate with an Oracle database.
An Oracle REST Data Services deployment configuration contains several security related parameters. In a configuration for APEX, Oracle recommends to set the parameter security.requestValidationFunction
to wwv_flow_epg_include_modules.authorize
. This activates the white list of callable procedures which ships with APEX and prohibits calls to other procedures. This can be extended using the validation functions shipped with APEX.
Parent topic: Web Server Security Considerations