21.2.6 About Securing File Uploads
Learn about developer best practices for securing file uploads.
Oracle Application Express enables you to easily build an application that can be used to upload files and to access uploaded files. These files are uploaded into a common file storage table. Although the database view APEX_APPLICATION_FILES shows those files associated with your database account (or workspace), programmatic access to the common file storage table does not always require authentication, enabling other users to see your uploaded files.
For this reason, Oracle recommends that developers use the methods described in "Understanding BLOB Support in Forms and Reports," with the files being uploaded directly to a table in your workspace schema, or if you need programmatic access, uploaded to APEX_APPLICATION_TEMP_FILES. When you use the built-in methods of file access, the authorization checks on the page also apply to file access.
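The following is an added example, not Oracle's own code, of the pattern recommended above: the upload lands in APEX_APPLICATION_TEMP_FILES and a page process copies it into a table in the workspace schema, recording the uploading user so that later reads can be restricted to that user. The table APP_USER_FILES and the File Browse item P10_UPLOAD are hypothetical names, and the example assumes a single-file upload.

```sql
-- Hypothetical table in the workspace schema (name and columns are assumptions).
create table app_user_files (
    id          number generated always as identity primary key,
    owner       varchar2(255) not null,
    filename    varchar2(400) not null,
    mime_type   varchar2(255),
    content     blob,
    created_on  date default sysdate not null
);

-- After-submit page process (PL/SQL code).
-- P10_UPLOAD is a hypothetical File Browse item whose storage type is
-- "Table APEX_APPLICATION_TEMP_FILES"; after submit, the item value is the
-- NAME of the uploaded row in that view.
declare
    l_file apex_application_temp_files%rowtype;
begin
    select *
      into l_file
      from apex_application_temp_files
     where name = :P10_UPLOAD;

    -- Store the file under the authenticated user so ownership is explicit.
    insert into app_user_files (owner, filename, mime_type, content)
    values (:APP_USER, l_file.filename, l_file.mime_type, l_file.blob_content);
exception
    when no_data_found then
        -- The item was empty or the temporary row is no longer available.
        raise_application_error(-20001, 'No uploaded file found for this request.');
end;

-- Source query for a report or download region on an authorized page:
-- each user sees only the rows they uploaded.
select id, filename, mime_type, created_on
  from app_user_files
 where owner = :APP_USER;
```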
See Also:
- "About the Differences Between Page Items and Application Items"
- "About Item Types" to learn more about creating a File Browse page-level item