Review Oracle REST Data Services security considerations.
About Configuring Oracle REST Data Services with Oracle Application Express
Oracle Application Express requires access to the Web listener, Oracle REST Data Services.
Oracle REST Data Services (formerly known as Oracle Application Express
Listener) is a J2EE application which communicates with the Oracle Database by mapping
browser requests to the Application Express engine database over a SQL*Net connection.
In a production environment, you deploy Oracle REST Data Services web archive files to a
supported Java EE application server, like Oracle WebLogic Server. Each deployment can
be configured individually and serves the same purpose as a
Database Access Descriptor, which is to communicate with an Oracle database.
An Oracle REST Data Services deployment configuration contains several security-related parameters. In a configuration for Oracle Application Express, Oracle recommends setting the parameter
wwv_flow_epg_include_modules.authorize. This activates the white list of callable procedures which ships with Oracle Application Express and prohibits calls to other procedures. The white list can be extended using the validation functions shipped with Oracle Application Express.
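The following is an added example, not part of the Oracle documentation: a Python check that reports the effective request validation function for each deployment configuration, including a deployment that blanks or replaces the recommended value. It assumes the parameter is named `security.requestValidationFunction` and that configurations are Java-properties XML files in which per-deployment settings override shared defaults; neither detail is stated on this page, and the file contents and pool names are constructed samples.

```python
import xml.etree.ElementTree as ET

# Assumption: parameter name is not given on this page.
PARAM = "security.requestValidationFunction"
# Value recommended on this page.
EXPECTED = "wwv_flow_epg_include_modules.authorize"

def load_entries(xml_text):
    """Parse a Java-properties XML document into a dict of key -> value."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}

def audit(defaults_xml, pools):
    """Return {pool_name: finding}; pool settings override the defaults."""
    defaults = load_entries(defaults_xml)
    findings = {}
    for name, xml_text in pools.items():
        effective = {**defaults, **load_entries(xml_text)}
        value = effective.get(PARAM, "")
        if not value:
            # Absent or blanked: the white list is not enforced.
            findings[name] = "MISSING"
        elif value.lower() != EXPECTED:
            # PL/SQL names are case-insensitive, so compare in lower case.
            findings[name] = "UNEXPECTED: " + value
        else:
            findings[name] = "OK"
    return findings

# Constructed sample configuration (hypothetical pool names and values).
DEFAULTS = """<properties>
  <entry key="security.requestValidationFunction">WWV_FLOW_EPG_INCLUDE_MODULES.AUTHORIZE</entry>
  <entry key="jdbc.MaxLimit">10</entry>
</properties>"""

POOLS = {
    "apex": "<properties><entry key='db.servicename'>orcl</entry></properties>",
    "legacy": "<properties><entry key='security.requestValidationFunction'></entry></properties>",
    "reports": "<properties><entry key='security.requestValidationFunction'>"
               "my_schema.custom_check</entry></properties>",
}

if __name__ == "__main__":
    for pool, finding in sorted(audit(DEFAULTS, POOLS).items()):
        print(f"{pool}: {finding}")
```

A pool reported as `UNEXPECTED` is not necessarily misconfigured, but the named function should be reviewed to confirm it still delegates to the shipped white list.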