Learn about developer best practices for securing file uploads.
Oracle APEX enables you to easily build an application that can be used to upload files and to access uploaded files. These files are uploaded into a common file storage table. Although the database view
APEX_APPLICATION_FILES shows those files associated with your database account (or workspace), programmatic access to the common file storage table does not always require authentication, enabling other users to see your uploaded files. For this reason, Oracle recommends that developers use the methods described in Understanding BLOB Support in Forms and Reports, with the files being uploaded directly to a table in your workspace schema, or if you need programmatic access, uploaded to
APEX_APPLICATION_TEMP_FILES. When you use the built-in methods of files access, the authorization checks on the page also apply to file access.
- About the Differences Between Page Items and Application Items
- About Item Types to learn more about creating a File Browse page item