In older versions of APEX, there was an implementation of this algorithm, although it was not officially documented and therefore criticized. I tried to analyze this algorithm and adapt it to the current version of APEX, but without success.
The basis was a database table storing alphanumeric codes in ASCII form and their graphical presentations as BLOB. The basis was the technique of rewriting random codes to the application screen using the construction:
……
<img width="25" height="25",=""src="APEX_050100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=&APP_SESSION.">
…….
The get_image procedure included constructions (approximation):
begin
select image
into p_blob
from images
where name = p_name;
htp.init;
owa_util.mime_header('image/gif' , false);
htp.p('Content-Length: ' || dbms_lob.getlength(p_blob));
htp.p('Content-Disposition: filename="' || p_name || '"');
owa_util.http_header_close;
wpg_docload.download_file(p_blob);
end;
Unfortunately, I did not manage to implement this solution in the current version of APEX and that's why I tried my own based on apex collection.
I would like to present them to you with a request for comments on the security issues of the authentication process using my implementation. Oracle objects such as database table, apex collection and other PL/SQL and APEX standards are used.
I know that Google reCAPTCHA can be used. But this is going beyond the Oracle area, and thus using an external factor, which may be controversial.
Please familiarize yourself with the operation of my idea and comment on it professionally.
Thanks in advance.
Link to the application:
https://apex.oracle.com/pls/apex/f?p=90518