Oracle Application Express
Developer(s) | Oracle Corporation |
---|---|
Stable release | 24.1 / June 17, 2024 |
Operating system | Windows, Linux, Oracle Solaris, HP-UX, IBM AIX[1] |
License | Oracle Technical Network License (proprietary[2]) |
Website | apex |
Oracle APEX (Oracle Application Express) is a low-code application development platform developed by Oracle Corporation. It is designed for the development and deployment of cloud, mobile, and desktop applications. Oracle APEX provides a web-based integrated development environment (IDE) that includes a variety of tools such as wizards, drag-and-drop layout builders, and property editors. These tools streamline the process of building applications and designing user interfaces, making it easier for developers to create sophisticated applications with minimal coding.[3]
Background
Oracle APEX is a feature of the Oracle Database and is integrated within Oracle Cloud services, including the Autonomous Database Cloud Services and the stand-alone APEX Application Development service.[4]
Since its inception in 2000, Oracle APEX has undergone several name changes, reflecting its evolution over time. These names include:
- Flows
- Oracle Platform
- Project Marvel
- HTML DB
- Application Express (APEX), commonly known today as Oracle APEX[5]
History
Oracle APEX was created by Oracle developer Michael Hichwa following his earlier project, WebDB. When tasked with building an internal web calendar, Hichwa enlisted the help of fellow Oracle employee Joel Kallman. Together, they began developing Flows, which would eventually evolve into APEX. As they built the web calendar, they continually added features to Flows to meet their development needs. Early versions of Flows lacked a front-end interface, requiring all application changes to be made through SQL*Plus via inserts, updates, and deletes.
Starting with version 5.2, Oracle APEX's version numbering was changed to 18.1, reflecting the year and quarter of the release. This change aligned with Oracle's broader shift in its version numbering nomenclature.[6]
Low-code environment
Oracle APEX is a low-code development platform that allows users to build web applications with minimal coding. The origins of these low-code environments can be traced back to fourth-generation programming languages and rapid application development (RAD) tools.
APEX provides a platform where users can create applications with no code, leveraging its powerful declarative framework. When application requirements become more complex, APEX offers the flexibility to extend low-code objects. This extension is achieved through a framework that enables developers to define custom logic, business rules, and user interfaces using SQL, PL/SQL, HTML, JavaScript, CSS, and APEX plug-ins.[7]
Security
Oracle APEX applications are subject to the same application security risks as other web-based applications developed with technologies like PHP, ASP.NET, and Java.
The two primary classes of vulnerabilities that affect APEX applications are SQL injection and cross-site scripting (XSS).
APEX applications inherently use PL/SQL constructs as the base server-side language and access data via PL/SQL blocks. These applications use PL/SQL for implementing authorization and conditionally displaying web page elements. As a result, APEX applications can be vulnerable to SQL injection if the PL/SQL blocks fail to properly validate and handle malicious user input. Although Oracle introduced Substitution Variables (with a syntax of "&NAME.") for APEX, they can be insecure and potentially lead to SQL injection attacks. To mitigate these risks, developers should escape special characters and use bind variables to reduce the likelihood of SQL injection and XSS vulnerabilities.
XSS vulnerabilities can arise in APEX applications just as they do in other web application frameworks. Oracle offers the htf.escape_sc() function to replace literal characters with HTML entity names, helping to prevent undesired behaviors.[8]
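The contrast between substitution variables and bind variables, together with output escaping through htf.escape_sc(), is shown in the following added example, which is not taken from Oracle's documentation or the cited sources. The page item P10_ENAME and the table EMP are hypothetical names.

```plsql
-- Added example. P10_ENAME (page item) and EMP (table) are hypothetical.
-- Each block is the source of one APEX PL/SQL Dynamic Content region.

-- (1) Weak: the substitution is replaced by the item's text before the block
-- is parsed, so the value becomes part of the statement, and the query
-- result is written to the page without encoding.
BEGIN
  FOR r IN (SELECT ename, job FROM emp WHERE ename = '&P10_ENAME.') LOOP
    htp.p('<li>' || r.ename || ' (' || r.job || ')</li>');
  END LOOP;
END;

-- (2) Hardened: the item is referenced as a bind variable and every value
-- is passed through htf.escape_sc before it reaches the browser.
DECLARE
  l_count PLS_INTEGER;
BEGIN
  htp.p('<ul>');
  FOR r IN (SELECT ename, job FROM emp WHERE ename = :P10_ENAME) LOOP
    htp.p('<li>' || htf.escape_sc(r.ename)
                 || ' (' || htf.escape_sc(r.job) || ')</li>');
  END LOOP;
  htp.p('</ul>');

  -- Dynamic SQL follows the same rule: bind with USING, do not concatenate.
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM emp WHERE ename = :name'
    INTO l_count
    USING :P10_ENAME;
  htp.p('<p>Matches: ' || TO_CHAR(l_count) || '</p>');
END;
```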
Developers can assign authorization schemes to resources like pages and items to control access within an APEX application. It is crucial to apply these schemes consistently to ensure proper resource protection. An example of inconsistent access control is when an authorization scheme is applied to a button but not to the associated process triggered by the button. In such cases, a user could potentially execute the process using JavaScript, bypassing the button's security.
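One way to close the gap described above is to enforce the scheme in the process as well as on the button, either by setting the process's own Authorization Scheme attribute or by checking it in code. The following is an added example, not code from Oracle or the cited sources; the scheme name, the ORDERS table and the P20_ORDER_ID item are hypothetical.

```plsql
-- Added example: source of the page process that a "Delete" button submits.
-- The scheme name 'Can Delete Orders', the ORDERS table and the P20_ORDER_ID
-- item are hypothetical.
BEGIN
  -- Re-check the same scheme that protects the button. The process runs
  -- whenever its request is submitted, whether or not the button was rendered.
  IF NOT apex_authorization.is_authorized(
           p_authorization_name => 'Can Delete Orders')
  THEN
    raise_application_error(-20001, 'Not authorized to delete orders.');
  END IF;

  DELETE FROM orders
   WHERE order_id = :P20_ORDER_ID;   -- item referenced as a bind variable
END;
```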
Since APEX 4.0, the Application Builder interface has included a utility called Advisor, which provides a basic assessment of an application’s security posture, helping developers identify and mitigate security issues.[9]
Third-party libraries
Developers may improve and extend their APEX applications by using third-party libraries. Among them are jQuery Mobile (HTML5-based user interface),[10] jQuery UI (user interface for the web),[11] AnyChart (JavaScript/HTML5 charts),[12] CKEditor (web text editor),[13] and others. Oracle states that applying the latest APEX patches ensures that the external libraries bundled with the platform are updated in tandem, enhancing application stability and security.[14] However, many of the libraries are updated more frequently than APEX patches are released, requiring developers to monitor and manually apply updates as necessary to maintain compatibility and security.[15][16]
APEX and Oracle Database Express Edition (XE)
Oracle APEX can be run inside Oracle Database Express Edition (XE), a free entry-level database. Although the functionality of APEX isn't intentionally limited when running on XE, the limitations of the database engine may prevent some APEX features from functioning. Furthermore, Oracle XE has limits for CPU, memory, and disk usage.[17]
References
- ^ "Oracle Application Express - Downloads". Oracle. Retrieved December 10, 2015.
- ^ "Oracle Application Express Documentation". Oracle Help Center.
- ^ Faisal, Gillani (https://nexttechrevolution.blogspot.com/). "Oracle Application Express (Oracle APEX)". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "Background". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "Background". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "History". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "Low-code Environment". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "Security". Nexttech Revolution. Retrieved 15/1/2025.
- ^ Gillani, Faisal (https://nexttechrevolution.blogspot.com/). "Security". Nexttech Revolution. Retrieved 15/1/2025.
- ^ "Building a Mobile Web Application Using Oracle Application Express 5.0". Oracle.
- ^ "Application Express Application Builder User's Guide". Oracle.
- ^ "Oracle APEX: Using AnyChart products with Oracle Application Express (APEX)". AnyChart.
- ^ "Oracle chooses FCKeditor for Application Express". CKEditor.com.
- ^ "Oracle Application Express (APEX) Patches". Oracle Base. Retrieved December 30, 2024.
- ^ "Goodies - APEX 4.2.2 included Libraries". Dimitri Gielis Blog. May 8, 2013. Retrieved December 10, 2015.
- ^ "APEX 5 first peek". Grassroots Oracle. March 17, 2014. Retrieved December 10, 2015.
- ^ "Limitations of the Express Edition". Oracle Corporation. Retrieved May 22, 2013.