Skip to main content

Happy Turkey Day

Tomorrow, I'm off to Los Angeles for the remainder of the week to visit with my wife's family for Thanksgiving. While LA isn't exactly my favorite city, it should be a good time catching up with her family & friends. We're going to see a taping of the Jimmy Kimmel show on Wednesday, so that should be interesting. Amy Smart is the guest, and Def Leppard is performing outside – that alone is a reason to make the trip!

I'm putting the finishing touches on my MAOP Keynote and technical session. I've also changed the topic of my Technical Session to Integrating Oracle HTML DB with the Oracle eBusiness Suite. I simply didn'y have time to get the Oracle Forms presentation in order, hence the last minute change. At one of my current contracts, I've been working extensively with the eBusiness Suite and HTML DB, so I think that this will make for a good story, with lots of advise and best practices.

If you plan on attending the Keynote on Friday, I will say this – it will be something very different than I’ve done in the past. Hopefully, different will be a good different, not a bad different!

Anyways, to the US readers, have a Happy Thanksgiving! To those overseas, enjoy a full week of work! :)


ian said…
Scott, I'm using HTMLDb release 2 on a 10.2 RDBMS. This is the last paragraph of a TAR I've got open with Oracle at the moment. I would be extremely interested in your thoughts.
'The security clamp on the development server is bespoke, i.e. my customer's
business (MOD) requires this clamp, or something quite like it, to be in place
on all client and server machines in the production environment. We have
solved the problem of HTMLDb functionality when using the development server
effectively as a client, i.e. using IE6 on the server to try to access HTMLDb,
by using IE6 on the server to add the URLs that didn't work to the 'trusted
sites' list.
There is a possibility, therefore, that in the production environment the
client machines will have to be similarly configured, that is, adding the
production URLs to the 'trusted sites' list on every client (this would not be
acceptable to my customer). We are in the process of trying to obtain suitably
clamped clients for our development environment to try to test this theory.
All we can be sure of is that HTMLDb 1.6 did not and does not present a similar
In terms of the substantive reason for this TAR it could be closed as we now
have functionality, however, this has raised other questions which need to be
resolved urgently.'
Scott said…

The major security component which changed from 1.6 to 2.0 is that all URLs require a valid Session ID.

Ensure that if you're calling HTML DB pages in your application that the &SESSION. or :APP_SESSION variable is being used.

Otherwise, you'll be prompted for a username and password.


- Scott -
Mark said…
Any chance that you could publish the white paper on here ( or anywhere )? It'd be great to have some "real world" info on integrating 11i with HTMLDB.
Scott said…

You can download the slides here.


- Scott-

Popular posts from this blog

Thanks, ODC (Oracle Developer Community)!

I owe a lot of thanks to the ODC - which stands for Oracle Developer Community.  What is ODC?  You may remember it as OTN, or the Oracle Technology Network.  Same people, different name.  Why they changed it I can't say.  People just liked it better that way... (love that song)

In any case, what am I thankful for?  A lot.  To start, the tools that I use day in and day out: SQL Developer, ORDS, Oracle Data Modeler, SQLcl and - of course - APEX.  Without these tools, I'm likely on a completely different career path, perhaps even one that aligns more closely with my degree in television management.

While the tools are great, it's really the people that make up the community that make ODC stand out. From the folks who run ODC and the Oracle ACE program to the developers and product managers who are behind the awesome tools, the ODC community is one of, if not the greatest asset of being involved with Oracle's products.

If you have yet to get more involved with this communi…

Spaced Out

A while back, I wrote about how to give the Universal Theme a face lift.  If you follow the steps in that post, the base font for an APEX application with the Universal Theme can easily be changed.

While that's all well and good, sometimes you only want to change the font for a report, not the entire page.  One of the applications that I'm building contains a number of IRs based mostly on log data.  Thus, having that data in a monospaced font would make it a whole lot easier to read.

You can search Google Fonts for monospaced fonts by selecting only that option on the right-side menubar.  You can also opt for the standard yet kinda boring Courier and achieve the same thing.

To implement this in your application, follow the steps in my other post, but stop shy of the final step.  Instead of pasting in the text that I specify, paste in the following to the Custom CSS field in Theme Roller, using the name of the font you selected for the font-family:

.a-IRR-table tr td { font-fam…

Logging APEX Report Downloads

A customer recently asked how APEX could track who clicked “download” from an Interactive Grid.  After some quick searching of the logs, I realized that APEX simply does not record this type of activity, aside from a simple page view type of “AJAX” entry.  This was not specific enough, and of course, led to the next question - can we prevent users from downloading data from a grid entirely?

I knew that any Javascript-based solution would fall short of their security requirements, since it is trivial to reconstruct the URL pattern required to initiate a download, even if the Javascript had removed the option from the menu.  Thus, I had to consider a PL/SQL-based approach - one that could not be bypassed by a malicious end user.

To solve this problem, I turned to APEX’s Initialization PL/SQL Code parameter.  Any PL/SQL code entered in this region will be executed before any other APEX-related process.  Thus, it is literally the first place that a developer can interact with an APEX page…