Misplaced Pages

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article contains wording that promotes the subject in a subjective manner without imparting real information. Please remove or replace such wording and instead of making proclamations about a subject's importance, use facts and attribution to demonstrate that importance. (February 2024) (Learn how and when to remove this message) Some of this article's listed sources may not be reliable. Please help improve this article by looking for better, more reliable sources. Unreliable citations may be challenged and removed. (February 2024) (Learn how and when to remove this message) This article may have been created or edited in return for undisclosed payments, a violation of Misplaced Pages's terms of use. It may require cleanup to comply with Misplaced Pages's content policies, particularly neutral point of view. (March 2024) (Learn how and when to remove this message)

Oracle APEX

Developer(s)	Oracle Corporation
Stable release	24.1 / June 17, 2024 (2024-06-17)
Operating system	Windows, Linux, Oracle Solaris, HP-UX, IBM AIX
License	Oracle Technical Network License (proprietary)
Website	apex.oracle.com

Oracle APEX (Oracle Application Express, or APEX) is an enterprise low-code application development platform offered by Oracle Corporation. APEX is used for developing and deploying cloud, mobile and desktop applications. The platform provides a web-based integrated development environment (IDE) with tools such as wizards, drag-and-drop layouts and property editors aimed at simplifying the process of building applications and designing user interfaces.

Background

APEX is a feature of the Oracle Database and can be installed anywhere an Oracle database runs. It is offered in Oracle Cloud through Autonomous Database Cloud Services and the stand-alone APEX Application Development service.

Oracle APEX has had name changes since its creation in 2000, including:

• Flows
• Oracle Platform
• Project Marvel
• HTML DB
• Application Express (APEX) aka Oracle APEX

History

APEX was created by Michael Hichwa, an Oracle developer. Following from his earlier project, WebDB. When tasked with building an internal web calendar, Michael Hichwa employed Joel Kallman and began developing Flows. Hichwa and Kallman also co-developed the web calendar, adding features to Flows as they needed them to develop the calendar. Early builds of Flows had no front-end, so all changes to an application had to be made in SQL Plus via inserts, updates and deletes.

With version 5.2, the numbering was changed to 18.1, indicating the year and quarter of release. This change is associated with Oracle's change in numbering nomenclature.

Low-code environment

Oracle APEX is a low-code development platform. These low-code environments can trace their origins to fourth-generation programming languages and rapid application development (RAD) tools. Since APEX was originally marketed as a RAD tool, this progression is a logical one. APEX allows users to build web applications with no code. When the requirements are more complex, APEX allows the extension of the low-code objects through a declarative framework. This framework lets the developer define custom logic, business rules, and user interfaces. The developer can do this through the inclusion of SQL, PL/SQL, HTML, JavaScript, or CSS as well as APEX plug-ins. APEX permits developers to go from no code to low-code to more code.

Security

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Oracle Application Express" – news · newspapers · books · scholar · JSTOR (October 2024) (Learn how and when to remove this message)

APEX applications suffer from the same classes of application security flaws as other web applications based on more direct technologies such as PHP, ASP.NET and Java.

The two main classes of vulnerability that affect APEX applications are SQL injection and cross-site scripting (XSS).

APEX applications inherently use PL/SQL constructs as the base server-side language and access data via PL/SQL blocks, an APEX application will use PL/SQL to implement authorization and to conditionally display web page elements. This means that generally APEX applications suffer from SQL injection when these PL/SQL blocks do not correctly validate and handle malicious user input. Oracle implemented a special variable type for APEX called Substitution Variables (with a syntax of "&NAME."); however, these are insecure and can lead to SQL injection. Where the injection occurs within a PL/SQL block, an attacker can inject an arbitrary number of queries or statements to execute; escaping special characters and using bind variables ensures the reduced likelihood of XSS and SQL injection vulnerabilities.

XSS vulnerabilities arise in APEX applications just like other web application languages. Oracle provides the htf.escape_sc() function to replace literal characters with HTML entity names and avoid undesired behaviors.

A developer can assign authorization schemes to resources (such as pages and items) to control access to resources within an APEX application. These schemes must be applied consistently to ensure that resources are appropriately protected. A typical example of inconsistent access control is when an authorization scheme is set for a button item but not for the associated process performed when the button is clicked. A malicious user can then perform the process through JavaScript without needing the actual button to be accessible.

Since APEX 4.0, the Application Builder interface provides some limited security posture assessment through the Advisor utility.

Third-party libraries

Developers may improve and extend their APEX applications by using third-party libraries. Among them are JQuery Mobile (HTML 5-based user interface), JQuery UI (user interface for the web), AnyChart (JavaScript/HTML 5 charts), CKEditor (web text editor), and others. Experts say it's an advantage of applying the latest APEX patches that the external libraries that come with APEX carry an update, too. However, many of the libraries are updated more frequently than APEX patches are released.

APEX and Oracle Database Express Edition (XE)

Oracle APEX can be run inside Oracle Database Express Edition (XE), a free entry-level database. Although the functionality of APEX isn't intentionally limited when running on XE, the limitations of the database engine may prevent some APEX features from functioning. Furthermore, Oracle XE has limits for CPU, memory, and disk usage.

See also

• Oracle SQL Developer
• Jam.py

References

1. "Oracle Application Express - Downloads". Oracle. Retrieved December 10, 2015.
2. "Oracle Application Express Documentation". Oracle Help Center.
3. "Oracle Application Express (APEX): Overview" (PDF). Oracle Corporation.
4. "Welcome to Flows for APEX". apex-flowsforapex. Retrieved September 24, 2021.
5. "Implementing Oracle API Platform Cloud Service". Packt. Retrieved September 24, 2021.
6. "1 What is Oracle HTML DB?". docs.oracle.com. Archived from the original on September 24, 2021. Retrieved September 24, 2021.
7. "Apex Developer | Limestone Digital". limestonedigital.com. September 3, 2021. Retrieved September 24, 2021.
8. "Michael Hichwa". Apress. Michael Hichwa is the original developer and architect of Oracle Application Express (APEX), aka HTML DB. Michael created APEX as a 100% rewrite of an earlier browser-based application development tool he also created, called Oracle WebDB. He had invaluable technical assistance and guidance from Tom Kyte and the addition of Joel Kallman as a co-developer. Michael and Joel have led APEX development efforts since 1999
9. Kallman, Joel. "From Low Code to High Control". Retrieved November 27, 2017.
10. "Low Code with Oracle Application Express". apex.oracle.com. Retrieved November 27, 2017.
11. "Securing Vulnerability Exploits with Apex – Part 3". content.dsp.co.uk. Retrieved October 8, 2024.
12. "Fusion Middleware PL/SQL Web Toolkit Reference". docs.oracle.com. Retrieved October 8, 2024.
13. "Building a Mobile Web Application Using Oracle Application Express 5.0". Oracle.
14. "Application Express Application Builder User's Guide". Oracle.
15. "Oracle APEX: Using AnyChart products with Oracle Application Express (APEX)". AnyChart.
16. "Oracle chooses FCKeditor for Application Express". CKEditor.com.
17. "Goodies - APEX 4.2.2 included Libraries". Dimitri Gielis Blog. May 8, 2013. Retrieved December 10, 2015.
18. "APEX 5 first peek". Grassroots Oracle. March 17, 2014. Retrieved December 10, 2015.
19. "Limitations of the Express Edition". Oracle Corporation. Retrieved May 22, 2013.

Bibliography

• Beckmann, Ralf (October 1, 2013), Oracle Application Express in der Praxis: Mit APEX datenbankbasierte Webanwendungen entwickeln (1st ed.), Carl Hanser Verlag, p. 416, ISBN 978-3446438965
• Cimolini, Patrick (September 12, 2011), Agile Oracle Application Express (1st ed.), Apress, p. 200, ISBN 978-1-4302-3759-4
• Mattamal, Raj; Nielsen, Anton (July 28, 2011), Expert Oracle Application Express Plugins: Building Reusable Components (1st ed.), Apress, p. 300, ISBN 978-1-4302-3503-3
• Fox, Tim; Scott, John; Spendolini, Scott (June 29, 2011), Pro Oracle Application Express 4 (2 ed.), Apress, p. 700, ISBN 978-1-4302-3494-4
• Zehoo, Edmund (June 15, 2011), Oracle Application Express 4 Recipes (1st ed.), Apress, p. 300, ISBN 978-1-4302-3506-4
• Lancaster, Mark (May 28, 2011), Oracle Application Express 4.0 with Ext JS (1st ed.), Packt Publishing, p. 392, ISBN 978-1-84968-106-3
• Aust, Dietmar; D'Souza, Martin Giffy; Gault, Doug; Gielis, Dimitri; Hartman, Roel; Hichwa, Michael; Kennedy, Sharon; Kubicek, Denes; Mattamal, Raj; McGhan, Dan; Mignault, Francis; Nielsen, Anton; Scott, John (May 16, 2011), Expert Oracle Application Express (1st ed.), Apress, p. 500, ISBN 978-1-4302-3512-5
• Gault, Doug; Cannell, Karen; Cimolini, Patrick; D'Souza, Martin Giffy; Hilaire, Timothy St. (March 31, 2011), Beginning Oracle Application Express 4 (1st ed.), Apress, p. 440, ISBN 978-1-84968-134-6
• van Zoest, M.; van der Plas, Marcel (December 14, 2010), Oracle APEX 4.0 Cookbook (1st ed.), Packt Publishing, p. 328, ISBN 978-1-4302-3147-9
• Geller, Arie; Lyon, Matthew (June 1, 2010), Oracle Application Express 3.2 – The Essentials and More (1st ed.), Packt Publishing, p. 520, ISBN 978-1-84719-452-7
• van den Bos, Douwe Pieter (July 29, 2009), Oracle Application Express Forms Converter (1st ed.), Packt Publishing, p. 172, ISBN 978-1-84719-776-4
• Greenwald, Rick (December 22, 2008), Beginning Oracle Application Express (1st ed.), Wrox, p. 384, ISBN 978-0-470-38837-2
• Scott, John; Spendolini, Scott (September 16, 2008), Pro Oracle Application Express (1st ed.), Apress, p. 700, ISBN 978-1-59059-827-6

External links

• Official website
• https://docs.oracle.com/database/apex-18.1/

• Oracle software
• Freeware
• 2004 software
• Web frameworks