CHAPTER 12
Secure Coding Practices in APEX

This chapter shifts focus from securing the Application Express environment to securing an individual application. The concepts involved in creating a secure application using APEX are very similar to those of other database-centric technologies. Data should be secured at the lowest level possible using techniques such as Virtual Private Database (VPD), Oracle Label Security (OLS), Programmatic Encryption, and Transparent Data Encryption (TDE). End users must be authenticated against some credential store, such as an Lightweight Directory Access Protocol (LDAP) directory or Oracle Access Manager. A user’s authorization rights or privileges should also be pulled from a central source such as Oracle Access Manager (OAM).