20.2 Understanding Developer Security Best Practices
Learn about security best practices for Oracle Application Express
About Items of Type Password Password items do not emit the text entered to the web browser screen. When creating password items, Oracle recommends using password attributes that do not save session state to prevent the password from being saved in the database in the session state tables.
Preventing URL Tampering Session State Protection is a built-in functionality that prevents hackers from tampering with the URLs within your application. URL tampering can adversely affect program logic, session state contents, and information privacy.