Skip to main content

Happy Turkey Day

Tomorrow, I'm off to Los Angeles for the remainder of the week to visit with my wife's family for Thanksgiving. While LA isn't exactly my favorite city, it should be a good time catching up with her family & friends. We're going to see a taping of the Jimmy Kimmel show on Wednesday, so that should be interesting. Amy Smart is the guest, and Def Leppard is performing outside – that alone is a reason to make the trip!

I'm putting the finishing touches on my MAOP Keynote and technical session. I've also changed the topic of my Technical Session to Integrating Oracle HTML DB with the Oracle eBusiness Suite. I simply didn'y have time to get the Oracle Forms presentation in order, hence the last minute change. At one of my current contracts, I've been working extensively with the eBusiness Suite and HTML DB, so I think that this will make for a good story, with lots of advise and best practices.

If you plan on attending the Keynote on Friday, I will say this – it will be something very different than I’ve done in the past. Hopefully, different will be a good different, not a bad different!

Anyways, to the US readers, have a Happy Thanksgiving! To those overseas, enjoy a full week of work! :)


ian said…
Scott, I'm using HTMLDb release 2 on a 10.2 RDBMS. This is the last paragraph of a TAR I've got open with Oracle at the moment. I would be extremely interested in your thoughts.
'The security clamp on the development server is bespoke, i.e. my customer's
business (MOD) requires this clamp, or something quite like it, to be in place
on all client and server machines in the production environment. We have
solved the problem of HTMLDb functionality when using the development server
effectively as a client, i.e. using IE6 on the server to try to access HTMLDb,
by using IE6 on the server to add the URLs that didn't work to the 'trusted
sites' list.
There is a possibility, therefore, that in the production environment the
client machines will have to be similarly configured, that is, adding the
production URLs to the 'trusted sites' list on every client (this would not be
acceptable to my customer). We are in the process of trying to obtain suitably
clamped clients for our development environment to try to test this theory.
All we can be sure of is that HTMLDb 1.6 did not and does not present a similar
In terms of the substantive reason for this TAR it could be closed as we now
have functionality, however, this has raised other questions which need to be
resolved urgently.'
Scott said…

The major security component which changed from 1.6 to 2.0 is that all URLs require a valid Session ID.

Ensure that if you're calling HTML DB pages in your application that the &SESSION. or :APP_SESSION variable is being used.

Otherwise, you'll be prompted for a username and password.


- Scott -
Mark said…
Any chance that you could publish the white paper on here ( or anywhere )? It'd be great to have some "real world" info on integrating 11i with HTMLDB.
Scott said…

You can download the slides here.


- Scott-

Popular posts from this blog

Logging APEX Report Downloads

A customer recently asked how APEX could track who clicked “download” from an Interactive Grid.  After some quick searching of the logs, I realized that APEX simply does not record this type of activity, aside from a simple page view type of “AJAX” entry.  This was not specific enough, and of course, led to the next question - can we prevent users from downloading data from a grid entirely?

I knew that any Javascript-based solution would fall short of their security requirements, since it is trivial to reconstruct the URL pattern required to initiate a download, even if the Javascript had removed the option from the menu.  Thus, I had to consider a PL/SQL-based approach - one that could not be bypassed by a malicious end user.

To solve this problem, I turned to APEX’s Initialization PL/SQL Code parameter.  Any PL/SQL code entered in this region will be executed before any other APEX-related process.  Thus, it is literally the first place that a developer can interact with an APEX page…

Custom Export to CSV

It's been a while since I've updated my blog. I've been quite busy lately, and just have not had the time that I used to. We're expecting our 1st child in just a few short weeks now, so most of my free time has been spent learning Lamaze breathing, making the weekly run to Babies R Us, and relocating my office from the larger room upstairs to the smaller one downstairs - which I do happen to like MUCH more than I had anticipated. I have everything I need within a short walk - a bathroom, beer fridge, and 52" HD TV. I only need to go upstairs to eat and sleep now, but alas, this will all change soon...

Recently, I was asked if you could change the way Export to CSV in ApEx works. The short answer is, of course, no. But it's not too difficult to "roll your own" CSV export procedure.

Why would you want to do this? Well, the customer's requirement was to manipulate some data when the Export link was clicked, and then export it to CSV in a format…

Refreshing PL/SQL Regions in APEX

If you've been using APEX long enough, you've probably used a PL/SQL Region to render some sort of HTML that the APEX built-in components simply can't handle. Perhaps a complex chart or region that has a lot of custom content and/or layout. While best practices may be to use an APEX component, or if not, build a plugin, we all know that sometimes reality doesn't give us that kind of time or flexibility.While the PL/SQL Region is quite powerful, it still lacks a key feature: the ability to be refreshed by a Dynamic Action. This is true even in APEX 5. Fortunately, there's a simple workaround that only requires a small change to your code: change your procedure to a function and call it from a Classic Report region.In changing your procedure to a function, you'll likely only need to make one type of change: converting and htp.prn calls to instead populate and return a variable at the end of the function. Most, if not all of the rest of the code can remain un…