r5 - 13 May 2007 - 16:57 - PeterLorenzen



Session State Protection

In an APEX application, a user can change parameter values in the URL and thereby possibly access information they are not supposed to have access to. This URL tampering can be prevented by using Session State Protection (SSP).

Note that even though SSP helps to prevent URL tampering, there should also be other security measures on the pages and/or in the database to prevent unauthorized access. On the page, you can restrict access to the whole page or to objects on the page via authorization schemes. In the database, you can for example use triggers or Virtual Private Database (VPD), also known as Fine Grained Access Control (FGAC), to prevent access.

Author: PeterLorenzen - 20 Apr 2007
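The database-level measure mentioned above can look like the following VPD policy, which limits each APEX user to their own rows even if a tampered URL requests someone else's record. This is an added example, not code from the original page; the table `demo_orders`, the function `demo_orders_policy` and the policy name are hypothetical, and the installing schema is assumed to have EXECUTE on `DBMS_RLS`.

```sql
-- Constructed sample table: every row records the APEX user who owns it.
CREATE TABLE demo_orders (
  order_id   NUMBER         PRIMARY KEY,
  owner_name VARCHAR2(255)  NOT NULL,
  amount     NUMBER(10,2)
);

-- Policy function (hypothetical name). Oracle calls it for each statement
-- against the protected table and appends the returned text as a predicate.
CREATE OR REPLACE FUNCTION demo_orders_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  -- v('APP_USER') is the user name of the current APEX session.
  -- If it evaluates to NULL, the comparison is never true, so no rows
  -- are visible: the policy fails closed.
  RETURN 'owner_name = v(''APP_USER'')';
END demo_orders_policy;
/

-- Attach the policy to the table for reads and writes.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => USER,
    object_name     => 'DEMO_ORDERS',
    policy_name     => 'DEMO_ORDERS_OWNER_ONLY',
    function_schema => USER,
    policy_function => 'DEMO_ORDERS_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    -- Also reject INSERT/UPDATE results that would fall outside the
    -- predicate, so a user cannot reassign a row to another owner.
    update_check    => TRUE
  );
END;
/

-- With the policy in place, a page query such as
--   SELECT * FROM demo_orders WHERE order_id = :P2_ORDER_ID
-- (P2_ORDER_ID is a hypothetical page item) returns no row when the
-- requested order belongs to a different user.
```

Because the filter is enforced by the database, it applies regardless of how the page item value reached session state, which makes it a second layer behind SSP and authorization schemes.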

