Friday, May 30, 2008

New APEX Hosting Provider... Sort of...

Just read on the Revion blog that a new subsidiary called HTMLDBHost is offering APEX hosting at $24.95 for the first six months; the price goes up to the regular rate of $49.95 thereafter.

It seems that you get the same levels of service, band width, disk space as the standard plan offered at at a discounted rate.

Friday, May 23, 2008

APEX 3.1.1 Patchset Released

In case you missed it, the APEX 3.1.1 patchset has been released as both a patch via Metalink (patch #7032837) and a complete download via OTN.

For a complete list of what's fixed, have a look at the patch's installation notes.

Tuesday, May 20, 2008

How to Spot a Phishing Site

I just got an e-mail from Bank of America:

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information. This might be due to either of the following reasons:

1. A recent change in your personal information (i.e.change of address).
2. Submiting invalid information during the initial sign up process.
3. The services look that was changed recently:

[Banking Log-In]

Security Advisory,
Bank Of America .


failure to update your account at least 24hrs of notice might lead to account
being locked and access will be restricted.

I'll ignore the fact that I do not have a Bank of America account for the sake of this post, as that's just too easy.

So let's review the signs thus far:

Sign #1: "Either" of the following reasons, followed by three, not two, reasons.
Sign #2: Poor grammar: The services look that was changed recently
Sign #3: Poor punctuation: failure to update your account at least 24hrs of notice might lead to account being locked and access will be restricted.
Sign #4: The fact that the URL in the e-mail resolved to this site in Poland, which is hardly where I believe the Bank of America is located:

So I clicked on it (having a Mac gives you little fear when it comes to checking out phishing sites) and got a relatively legit looking Bank of America login page. Not running in SSL.

Sign #5: No SSL for username & password.

I "signed on" with a bogus name and password, and lo and behind, it accepted it!

Sign #6: A completely made up username and password somehow work.

Now that I'm authenticated, the URL has changed to include both the username and password which I provided:

Sign #7: Your password shows up - in clear text - in the URL

Now I am presented with a form that is asking for all kinds of personal information - checking account number, SSN, online ID (which I just provided), ATM card number and PIN, and bank routing number.

Sign #8: Your bank asks YOU for its routing number.

At this point, if I just submit the page without providing any information, it goes on to the next step.

Sign #9: Not a lick of validation is included anywhere in the site.

Finally - the inspiration for this post - is one of the last pieces of information that the site asked me for:

Third from the bottom, I am asked to provide my Father's Maiden Name - a piece of information so secure, that not even he knows what it is!

Thursday, May 15, 2008

APEX Performance Tuning Webinar

Doug Gault from Hotsos will be presenting a FREE webinar on May 28th: Performance Tuning APEX Applications.

From the Hotsos site:

Application Express (ApEx) is a highly flexible and highly scalable Rapid Application Development environment for web applications. But what do you do when your application's success starts to become its downfall? This free, one-hour presentation will cover strategies and tactical advice for monitoring and addressing performance issues, and presents some of the best practices for making ApEx Performance Problems easy to diagnose. This webinar is presented by Doug Gault, head of Hotsos Product Development.

No one that I know of does Oracle Performance Tuning like the folks at Hotsos do, so I'm sure that this presentation will be packed with tips and best practices.

Friday, May 09, 2008

Firefox Smart Keywords

I can across this post today (Disclaimer: link is very much NSFW only if you try to repeat the examples used for Urban Dictionary; also, other entries in this blog may be NSFW):

To summarize, Firefox allows you to not only bookmark a page, but turn that page into a function of sort, and allow you cal call that page with some sort of parameter.

Thus, if you add a Smart Keyword for Google and call it "g", you can simply type "g oracle apex" into the location bar, and the resulting page would be the same as if you went to, entered "oracle apex", and then clicked enter.

So naturally, my first instinct to was to test this with an APEX application, and I was quite pleased to see it work flawlessly! I added two Smart Keywords - "a" and "c", which search the Accounts and Contacts pages of my APEX-based CRM application. No longer do I need to log in and navigate to those respective pages; I can simply key in Ctrl+L and then type "a sumner" or "c spendolini" to search for an account or contact.

Thursday, May 08, 2008

Decoding Database Features

Having just answered a question in the OTN forums on this, I figured I'd share the link that I often use to decode which feature maps to which version of the Oracle Database:

Since Oracle will change what feature is included with which edition from time to time, it's handy to have this link bookmared somewhere.

Also, what's most unique about this link is that it can only be (easily) found from, not OTN.

Wednesday, May 07, 2008

Debugging APEX with SQL Developer

I have been using SQL Developer since its early days, namely because it runs natively on the Mac.  Despite this fact, it has proven to be a formidable IDE to work with, allowing me to do 95% of what I need to quickly and easily, all without having to spark up a Windows VM.

In this month's Oracle Magazine, David Peake, the APEX Product Manager, writes about how to use SQL Developer to assist in debugging APEX applications.  By instrumenting your processes in APEX with just a couple lines of code, you can trap and then debug your PL/SQL from APEX in SQL Developer's debugger.

While you'll need DBA privileges to get this to work, it's something that's not intended for production environments, so I don't envision that to be much of an issue in most cases.