3.4.5 Isolating All Workspaces in an Instance
Instance administrators can configure limits to isolate all workspaces and prevent browser attacks. Workspace administrators can override these default values at the workspace-level.
Note:
To ensure the security and performance of your development environment, some administration functionality is not available in Oracle APEX instances running in Oracle Cloud.- About Isolating Workspaces to Prevent Browser Attacks
Isolating workspaces is an effective approach to preventing browser attacks. - Configuring Instance-Level Workspace Isolation Attributes
Configure isolation and resource limitation default values for all workspaces in an instance.
Parent topic: Configuring Security
3.4.5.1 About Isolating Workspaces to Prevent Browser Attacks
Isolating workspaces is an effective approach to preventing browser attacks.
The only way to truly isolate a workspace is to enforce different domains in the URL by configuring the Allow Hostnames attribute. When the URLs of the attacker and the victim have different domains and hostnames, the browser's same-origin policy prevents attacks.
Workspace isolation by configuring Allow Hostnames is a counter measure against client side attacks that attempt to cross workspace boundaries. This security measure is not necessary if you trust all applications that are accessible using the instance's host which includes applications that are written in other frameworks and languages such as Oracle Application Development Framework (ADF) and Java.
Instance administrators can configure the Allow Hostnames attribute at the instance-level. Workspace administrators can override the instance-level setting for a specific workspace.
Parent topic: Isolating All Workspaces in an Instance
3.4.5.2 Configuring Instance-Level Workspace Isolation Attributes
Configure isolation and resource limitation default values for all workspaces in an instance.
Tip:
Workspace administrators can override these default values at the workspace-level. See Isolating a Workspace to Prevent Browser Attacks.To configure instance-level Workspace Isolation attributes:
Parent topic: Isolating All Workspaces in an Instance