May 28, 2008

APEX SIG in pictures

Pictures taken at the first APEX SIG in Montreal and Quebec city.

François Prévost, president of the ORA*GEC

David Peake presenting Apex and the new functionnalities from the latest version (3.1).

A lot of people assisted to the presentations.

Round table (Quebec city) :
Daniel Ste-Croix, Momentum technologies
Jean Lemieux, Ministère de l'Éducation, du Loisir et du Sport
Éliane Noël, Fonds de recherche du Québec
Michel Ganache, Momentum technologies

Round table (Montreal) :
Michelle Skamene, MUHC
Michel St-Amour, Insum
Nathalie Godechot, Bell Helicopter

Francis Mignault showing how easy it is to make a complete application with Application Express.
(Collection de films)

Louis-Guillaume Carrier-Bédard (me) helping Francis with his presentation.

Daniel Ste-Croix, Momentum technologies
Bruno Cloutier, Momentum technologies

Luc Demanche
Michel St-Amour, Insum
Francis Mignault, Insum
Patrick Bonneville, Insum

Thanks to everyone for making this event a success!!

May 23, 2008

Security notice for file download

A few days ago, I added a download link in a page that calls a file download procedure within an URL. It quickly came to my mind that there was a security issue with this method. Indeed, nothing prevented me from downloading a file even if I wasn't logged into my APEX application.

I thought that the solution would be to add security in the procedure itself so it would check an application item value (userid) with the v() function. Unfortunately, this function cannot read apex items when it's being executed in a procedure called from an URL.

With some quick research, I found a solution on Denes Kubicek demo website. The solution is to call, with an URL, an on-demand application process which runs the file download procedure. This way, you absolutely have to be logged into the application to use the procedure since you need a valid session id in this URL.

You can find a document on Denes Kubicek demo website named "application_process - download.pdf". It explains step by step how to apply the secure method :

Reminder: Don't forget to revoke the execute privilege on the download procedure to apex_public_user if you granted it previously.


May 20, 2008

Qu'est-ce que APEX ?

Voici un petit viewlet qui explique ce qu'est APEX.

C'est une bonne introduction.

A faire circuler


What is APEX ?

Watch this viewlet to get introduced to APEX.

Found this reading Joel Kallman blog.


May 19, 2008

Montreal APEX SIG

Last wednesday and thursday (may 14 and 15 2008) we started an APEX user group in Montreal and in Quebec.

This new SIG is part of the Ora*gec (Oracle user group of the East Canada).

It was a success !

There was about 100 people in Quebec city and 100 people in Montreal.

This first meeting was half a day and we had Mr David Peake , the APEX product manager, as our special guest.

He talked about what APEX is all about, showed us the new features of 3.1 and told us about some features that will be available in future releases.

One thing is for sure is that the conversion from forms to APEX is something that a lot of people are waiting for.

I would like to take this opportunity to thank David Peake for taking the time to come over in Montreal and Quebec.

After that, we had a round table with some APEX users and finally, I did a presentation on APEX development methodology. Actually, I did a development of a small application starting from the analysis, the data model, the generation of the application, the improvement of this application and finally the move to production.

I can't wait for the next SIG meeting.

I will post some pictures soon. Stay tuned.