Skip to main content

Happy Turkey Day

Tomorrow, I'm off to Los Angeles for the remainder of the week to visit with my wife's family for Thanksgiving. While LA isn't exactly my favorite city, it should be a good time catching up with her family & friends. We're going to see a taping of the Jimmy Kimmel show on Wednesday, so that should be interesting. Amy Smart is the guest, and Def Leppard is performing outside – that alone is a reason to make the trip!

I'm putting the finishing touches on my MAOP Keynote and technical session. I've also changed the topic of my Technical Session to Integrating Oracle HTML DB with the Oracle eBusiness Suite. I simply didn'y have time to get the Oracle Forms presentation in order, hence the last minute change. At one of my current contracts, I've been working extensively with the eBusiness Suite and HTML DB, so I think that this will make for a good story, with lots of advise and best practices.

If you plan on attending the Keynote on Friday, I will say this – it will be something very different than I’ve done in the past. Hopefully, different will be a good different, not a bad different!

Anyways, to the US readers, have a Happy Thanksgiving! To those overseas, enjoy a full week of work! :)

Comments

ian said…
Scott, I'm using HTMLDb release 2 on a 10.2 RDBMS. This is the last paragraph of a TAR I've got open with Oracle at the moment. I would be extremely interested in your thoughts.
'The security clamp on the development server is bespoke, i.e. my customer's
business (MOD) requires this clamp, or something quite like it, to be in place
on all client and server machines in the production environment. We have
solved the problem of HTMLDb functionality when using the development server
effectively as a client, i.e. using IE6 on the server to try to access HTMLDb,
by using IE6 on the server to add the URLs that didn't work to the 'trusted
sites' list.
There is a possibility, therefore, that in the production environment the
client machines will have to be similarly configured, that is, adding the
production URLs to the 'trusted sites' list on every client (this would not be
acceptable to my customer). We are in the process of trying to obtain suitably
clamped clients for our development environment to try to test this theory.
All we can be sure of is that HTMLDb 1.6 did not and does not present a similar
problem.
In terms of the substantive reason for this TAR it could be closed as we now
have functionality, however, this has raised other questions which need to be
resolved urgently.'
Scott said…
Ian,

The major security component which changed from 1.6 to 2.0 is that all URLs require a valid Session ID.

Ensure that if you're calling HTML DB pages in your application that the &SESSION. or :APP_SESSION variable is being used.

Otherwise, you'll be prompted for a username and password.

Thanks,

- Scott -
Mark said…
Scott,
Any chance that you could publish the white paper on here ( or anywhere )? It'd be great to have some "real world" info on integrating 11i with HTMLDB.
Scott said…
Mark,

You can download the slides here.

Thanks,

- Scott-

Popular posts from this blog

Logging APEX Report Downloads

A customer recently asked how APEX could track who clicked “download” from an Interactive Grid.  After some quick searching of the logs, I realized that APEX simply does not record this type of activity, aside from a simple page view type of “AJAX” entry.  This was not specific enough, and of course, led to the next question - can we prevent users from downloading data from a grid entirely?

I knew that any Javascript-based solution would fall short of their security requirements, since it is trivial to reconstruct the URL pattern required to initiate a download, even if the Javascript had removed the option from the menu.  Thus, I had to consider a PL/SQL-based approach - one that could not be bypassed by a malicious end user.

To solve this problem, I turned to APEX’s Initialization PL/SQL Code parameter.  Any PL/SQL code entered in this region will be executed before any other APEX-related process.  Thus, it is literally the first place that a developer can interact with an APEX page…

Thanks, ODC (Oracle Developer Community)!

I owe a lot of thanks to the ODC - which stands for Oracle Developer Community.  What is ODC?  You may remember it as OTN, or the Oracle Technology Network.  Same people, different name.  Why they changed it I can't say.  People just liked it better that way... (love that song)

In any case, what am I thankful for?  A lot.  To start, the tools that I use day in and day out: SQL Developer, ORDS, Oracle Data Modeler, SQLcl and - of course - APEX.  Without these tools, I'm likely on a completely different career path, perhaps even one that aligns more closely with my degree in television management.

While the tools are great, it's really the people that make up the community that make ODC stand out. From the folks who run ODC and the Oracle ACE program to the developers and product managers who are behind the awesome tools, the ODC community is one of, if not the greatest asset of being involved with Oracle's products.

If you have yet to get more involved with this communi…

Custom Export to CSV

It's been a while since I've updated my blog. I've been quite busy lately, and just have not had the time that I used to. We're expecting our 1st child in just a few short weeks now, so most of my free time has been spent learning Lamaze breathing, making the weekly run to Babies R Us, and relocating my office from the larger room upstairs to the smaller one downstairs - which I do happen to like MUCH more than I had anticipated. I have everything I need within a short walk - a bathroom, beer fridge, and 52" HD TV. I only need to go upstairs to eat and sleep now, but alas, this will all change soon...

Recently, I was asked if you could change the way Export to CSV in ApEx works. The short answer is, of course, no. But it's not too difficult to "roll your own" CSV export procedure.

Why would you want to do this? Well, the customer's requirement was to manipulate some data when the Export link was clicked, and then export it to CSV in a format…