Loading AI tools
Web-based software development environment From Wikipedia, the free encyclopedia
Oracle APEX (or APEX) is an enterprise low-code application development platform from Oracle Corporation. APEX is used for developing and deploying cloud, mobile, and desktop applications. The platform is a web-based integrated development environment (IDE) that includes features such as wizards, drag-and-drop layouts, and property editors to try to simplify the process of building applications and pages.
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
Developer(s) | Oracle Corporation |
---|---|
Stable release | 24.1
/ June 17, 2024 |
Operating system | Windows, Linux, Oracle Solaris, HP-UX, IBM AIX[1] |
License | Oracle Technical Network License (proprietary[2]) |
Website | apex |
APEX is currently a feature of the Oracle Database and can theoretically be installed anywhere an Oracle Database runs. APEX is also offered in Oracle's Cloud across various services including Autonomous Database Cloud Services and the stand-alone APEX Application Development service.[3]
Oracle APEX has had many name changes since its inception in 2000, including:
APEX was created by Michael Hichwa, a developer at Oracle. After the development of his previous project, WebDB, he started to diverge from his original vision. Although APEX shares some functionality with WebDB, it was developed from scratch, and there is no upgrade path from WebDB to APEX. When tasked with building an internal web calendar, Hichwa employed Joel Kallman and began developing a project called Flows. Hichwa and Kallman also co-developed the Web Calendar, adding features to Flows as they needed them to develop the calendar. Early builds of Flows had no front-end, so all changes to an application had to be made in SQL*Plus via inserts, updates and deletes.[8]
With version 5.2, the numbering was changed to 18.1, indicating the year and quarter of release. This change is associated with Oracle's new numbering nomenclature. The latest version of the Oracle APEX is 24.1 and was released on June 17, 2024.[9]
Oracle APEX is a low-code development platform. These low-code environments can trace their origins to 4GL programming languages and rapid application development (RAD) tools. Since APEX was originally marketed as a RAD tool, this progression is a logical one. APEX allows building web applications with no code. When the requirements are more complex, APEX allows the extension of the Low-Code objects through a declarative framework. This framework lets the developer define custom logic, business rules, and user interfaces. The developer can do this through the inclusion of SQL, PL/SQL, HTML, JavaScript, or CSS as well as APEX plug-ins. APEX permits developers to go from no code to low-code to more code.[10][11]
This article needs additional citations for verification. (October 2024) |
There is a common misconception[vague] that the abstracted nature of APEX applications results in a relatively secure user environment. However, APEX applications suffer from the same classes of application security flaws as other web applications based on more direct technologies such as PHP, ASP.NET and Java.
The two main classes of vulnerability that affect APEX applications are SQL injection and cross-site scripting (XSS).[12]
APEX applications inherently use PL/SQL constructs as the base server-side language. As well as accessing data via PL/SQL blocks, an APEX application will use PL/SQL to implement authorization and to conditionally display web page elements. This means that generally APEX applications suffer from SQL injection when these PL/SQL blocks do not correctly validate and handle malicious user input. Oracle implemented a special variable type for APEX called Substitution Variables (with a syntax of "&NAME."); however, these are insecure and can lead to SQL injection. Where the injection occurs within a PL/SQL block an attacker can inject an arbitrary number of queries or statements to execute. Escaping special characters and using bind variables ensures the reduced likelihood of XSS and SQL injection vulnerabilities.
Cross-site scripting vulnerabilities arise in APEX applications just like other web application languages. Oracle provides the htf.escape_sc() function to replace literal characters with HTML entity names and avoid undesired behaviors.[13]
To control access to resources within an APEX application, a developer can assign authorization schemes to resources (such as pages and items). These schemes must be applied consistently to ensure that resources are appropriately protected. A typical example of inconsistent access control is when an authorization scheme is set for a button item but not for the associated process that is performed when the button is clicked. A malicious user can then perform the process through JavaScript without needing the actual Button to be accessible.
Since APEX 4.0, the Application Builder interface provides some limited assessment of the security posture through the Advisor utility.
Developers may improve and extend their APEX applications by using third-party libraries. Among them are JQuery Mobile (HTML5-based user interface),[14] JQuery UI (user interface for the web),[15] AnyChart (JavaScript/HTML5 charts),[16] CKEditor (web text editor)[17] and others. Experts[who?] say it is an advantage of applying the latest APEX patches that the external libraries that come with APEX carry an update, too.[clarification needed] However, many of the libraries come out with newer versions more frequently than there are APEX patches.[18][19]
Oracle APEX can be run inside Oracle Database Express Edition (XE), a free entry-level database. Although the functionality of APEX isn't intentionally limited when running on XE, the limitations of the database engine may prevent some APEX features from functioning. Also, Oracle XE has limits for CPU, memory and disk usage.[20]
Seamless Wikipedia browsing. On steroids.
Every time you click a link to Wikipedia, Wiktionary or Wikiquote in your browser's search results, it will show the modern Wikiwand interface.
Wikiwand extension is a five stars, simple, with minimum permission required to keep your browsing private, safe and transparent.