Posts

Showing posts from July, 2026

🔐 Locking Down Public Pages - Stop URL Tampering with a Custom Checksum Using DBMS_CRYPTO in Oracle APEX

Image
🚩Introduction  In many Oracle APEX applications, public pages are accessed using links generated outside of APEX, such as from emails, external systems, or third-party portals. These URLs often carry parameters like an ID or reference number to show specific data. Normally, APEX protects these URLs using a built-in checksum. But when the URL is generated outside of APEX, then the APEX rejects the request as a checksum mismatch . To solve this, we can build our own custom checksum logic using the DBMS_CRYPTO package, so the link stays secure even when it's created from outside the application. 📑  Why This Approach Is Needed In Oracle APEX applications, public pages are open to anyone with the link, which means the URL parameters can be easily changed by a user. If there is no validation, someone could simply edit the ID in the URL and view data that doesn't belong to them. Building a custom checksum becomes important when: The URL is generated outside of APEX, so the default ...