20.2 Understanding Developer Security Best Practices

Learn about security best practices for Oracle APEX developers.

• About Items of Type Password
  Password items do not emit the text entered to the web browser screen. When creating password items, Oracle recommends using password attributes that do not save session state to prevent the password from being saved in the database in the session state tables.
• Identifying At Risk Password Items
  Identify at risk password items by viewing the Security Profiles report and Password Items report.
• Understanding Cross-Site Scripting Protection
  Protect your application from a cross site-scripting security breach.
• About Session State and Security
  Learn about managing session state and security.
• Preventing URL Tampering
  Session State Protection is a built-in functionality that prevents hackers from tampering with the URLs within your application. URL tampering can adversely affect program logic, session state contents, and information privacy.
• About Securing File Uploads
  Learn about developer best practices for securing file uploads.

See Also:

• Understanding Administrator Security Best Practices
• About Oracle APEX Administrator Roles