Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
My manager keeps talking about how I will be “developing” an Application Express “security module”, however from what she told me we need to have, I don’t see what there would be to develop, seeing as Apex already has authorization/groups which allow for various groups of people to see various content.
Is there something that I am missing? What does she mean by a “module”, or is it just general wording?
APEX provides several different ways to authenticate users. One approach is to use the “Application Express” authentication scheme and just to create APEX users. Another approach is to use the “Database Account” authentication scheme and to create Oracle users. A third option is to create a custom authentication scheme and to implement your own user management functionality.
Application Express authentication tends to be the easiest to deploy for a small application but tends to get unwieldy over time. It’s hard, for example, to give an application administrator the ability to create APEX accounts. You can’t tie an APEX account in to a single sign-on solution. It’s not easy to integrate with the permission management systems that other applications use. If you’re deploying an application in a large company, the last thing the security department needs is one more place where they need to create user accounts, manage privileges, de-activate accounts when someone leaves or changes roles, etc.
Database authentication tends to be more scalable than APEX authentication since Oracle database account provisioning is likely already part of your organization’s authentication and authorization infrastructure. On the other hand, that still means that you’re creating an Oracle database user for every user you want to create in your application which probably involves a call to a DBA (technically, you could create database users from your application, but most DBAs are going to be concerned about the security implications of that). If you intend to create an internet-facing application with tens of thousands of users, database accounts may get unwieldy.
I’d wager that the vast majority of medium to large-scale APEX applications use a custom authentication scheme. That may involve creating a
USERtable where you store the username & the hash of the password or a query against an LDAP/ AD repository. That sort of approach provides the most flexibility since you can code whatever you’d like into the authentication system. You can hook into whatever custom authentication/ single sign-on solution the organization happens to use. It probably makes creating new users from within the application much easier (obviously depending on how the authentication system is designed).My assumption is that your manager is expecting that you’ll be writing a custom authentication scheme for your APEX applications.