16.4.7.5.2 Downloading Image with Secure Page Item
When images are user-specific or sensitive, use a hidden page item instead
of X01.
For example, page 9005 is a copy of the image-serving page 9000, but it uses the hidden P9005_ID page item value for the P_ID parameter in its DOWNLOAD_BREAKROOM_IMAGE call.
Figure 16-35 Passing Checksum-Protected Hidden Page Item for Image ID
By default, pages use Arguments Must Have Checksum as the Page Access
Protection setting, as shown below. This causes
APEX_PAGE.GET_URL to generate an additional checksum
parameter in every URL. This extra token protects parameter values from manual
manipulation.
Figure 16-36 Default Page Access Protection Setting Requires Checksum for URL Arguments
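The following added example (not Oracle's code and not part of the original page) models why a checksum on URL arguments defeats manual edits to a value such as P9005_ID. It assumes HMAC-SHA-256 as a stand-in, since the page does not describe how APEX computes its checksum; the `/page/` path, the `cs` and `session` parameter names, the secret and the helper names `get_url` and `accept` are all constructed for the illustration.

```python
import hashlib
import hmac
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed stand-in for a secret that only the server knows.
SECRET = b"constructed-demo-secret"


def _checksum(page, session, items):
    # Bind the token to the page, the session and every item name/value.
    # JSON gives an unambiguous encoding, so values cannot bleed into each other.
    covered = [str(page), session, sorted((k, str(v)) for k, v in items.items())]
    return hmac.new(SECRET, json.dumps(covered).encode(), hashlib.sha256).hexdigest()


def get_url(page, session, items):
    """Build a URL whose arguments are covered by a trailing cs parameter."""
    query = {**items, "session": session, "cs": _checksum(page, session, items)}
    return f"/page/{page}?{urlencode(query)}"


def accept(url):
    """Return the item values if the checksum matches, otherwise None."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1]
    args = dict(parse_qsl(parts.query))
    supplied = args.pop("cs", "")          # a missing checksum is rejected too
    session = args.pop("session", "")
    expected = _checksum(page, session, args)
    # Constant-time comparison on bytes avoids leaking how many characters matched.
    ok = hmac.compare_digest(supplied.encode(), expected.encode())
    return args if ok else None


if __name__ == "__main__":
    url = get_url(9005, "S1", {"P9005_ID": "42"})     # constructed sample values
    print(url)
    print("as issued :", accept(url))
    print("ID edited :", accept(url.replace("P9005_ID=42", "P9005_ID=43")))
    print("cs removed:", accept(url.split("&cs=")[0]))
```

Because the session is part of the covered data in this model, a URL copied into a different session fails the same check as one with an edited item value.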

