Hi There,
We are using XE as the backend data storage for our tourism website, and we've written a content management application in Apex that we'd like to expose to our content managers, however I am a little concerned that once we provide access to this application, it also means that users (and everyone else on the net) will have open slather access to all the Apex applications, including the XE administrative application (f?p=4550).
We have setup apache in front of XE using proxy redirect directives (see
1105704 - which incidently overrides the default builtin XE listener security of only allowing connections from localhost). Now we want to prevent access to any flow applications other than our content management application (f?p=100).
Has anyone figured out a way either using apache directives, or dbms_epg settings to restrict access to certain applications within Apex? i.e.
Is there a way we can permit public access to application 100, without also exposing the admin application 4550? I note that metalink doesn't (https://metalink.oracle.com/metalink/plsql/f?p=4550).
Is it sufficient to allow a simple username and password to the soft underbelly of your corporate data stores? Does this concern anyone else or is it just me ;)
Thanks in advance,
Mike Cretan