Steal the Show with ApEx
Oracle Open World, November 13, 2007
Bill Holtzman
National Air Traffic Controllers Association
November 13, 2007 Steal the Show with ApEx 2
NATCA
National Air Traffic Controllers Association
15,000 members
400 locations
Employees of the Federal Aviation Administration
Grievance
A complaint against the employer by an employee or the union
Over 200,000 active grievances
Requirements akin to legal case
G.A.T.S.
Wizards
Graphical query builder
SQL report: Region Source
SQL report: Attributes
Automated report link
Manual report link: link||text
Manual link enables concatenation with plain text

```html
<a href="f?p=104:8:10234501378364652310:::8:P8_DUP_GRID,P8_RETURN_PAGE,P8_ARTICLE:5880,32,0">06-ZDC-34</a><br><span style="font-size:8pt">123456</span>
```
Manual link: Javascript
Manual link with Javascript enables custom pop-ups

```sql
'<a href="javascript:myPopUp(''f?p=&APP_ID.:9:' || :APP_SESSION
|| '::::P9_GRID:' || g.GRID || ''')">' || g.topic || '</a>' "Grievance Regarding<br>(View/Print)"
```

At runtime, this becomes:

```html
<a href="javascript:myPopUp('f?p=104:9:11001668615862681378::::P9_GRID:5581')">Article 34 Working Hours</a>
```
Use of conditional ||
Decode and case enable conditional || with images, text

```sql
select
  decode(g.status_id, 1,
    decode(g.date_sub, null,
      trunc(g.u_action) - trunc(sysdate) || ' ' ||
      case
        when (g.u_action - sysdate) > 7 then '<img src="#FLOW_IMAGES#greenN.gif">'
        when (g.u_action - sysdate) > 3 then '<img src="#FLOW_IMAGES#yellowN.gif">'
        when (g.u_action - sysdate) > 0 then '<img src="#FLOW_IMAGES#redN.gif">'
        else '<img src="#FLOW_IMAGES#past.gif" border="0">'
      end,
      to_char(g.date_sub, 'MM/DD/YY')),
    'Closed') "DATE_SUB"
from grievance g
```
SQL generated by PLSQL
SQL Report Region could not enable optional sorting of composite columns
Use of PLSQL-generated SQL enables finer control over the report source query, enhancing performance
Converting a report to PLSQL
```sql
declare
  p_sql varchar2(32767);
begin
  p_sql := q'! select grid from grievance !';
  return p_sql;
end;
```
Note: 10g quoting syntax
Adding conditions

```sql
declare
  p_sql varchar2(32767);
begin
  -- "$" stands in for ":" inside the query text; the final replace() puts ":" back
  p_sql := q'! select g.GRID, !';
  p_sql := p_sql || q'! '<a href="javascript$myPopUp(''f?p=&APP_ID.$9$' || $APP_SESSION || '$$$$P9_GRID$' || g.GRID || ''')">' || g.topic || '</a>' || gr_groupid(g.grid) "Topic" !';
  p_sql := p_sql || q'! from GRIEVANCE g, gr_status_lookup p, gr_bu b where g.gr_status = 3 and g.status_id = p.id !';
  if :P35_FAANUM is not null then
    -- the filter value stays a bind variable ($P35_FAANUM becomes :P35_FAANUM);
    -- it is not concatenated into the SQL text
    p_sql := p_sql || q'! and lower(g.faanum) like '%' || lower($P35_FAANUM) || '%' !';
  end if;
  return replace(p_sql,'$',':');
end;
```
Composite sorting

```sql
declare
  p_sql varchar2(32767);
begin
  p_sql := q'! select g.GRID, !';
  p_sql := p_sql || q'! '<a href="javascript$myPopUp(''f?p=&APP_ID.$9$' || $APP_SESSION || '$$$$P9_GRID$' || g.GRID || ''')">' || g.topic || '</a>' || gr_groupid(g.grid) "Topic" !';
  p_sql := p_sql || q'! from grievance g, gr_status_lookup p, gr_bu b where g.gr_status = 3 and g.status_id = p.id and g.bu_id = b.id (+) !';
  -- :P35_SORT only selects one of the fixed ORDER BY clauses;
  -- its value never becomes part of the SQL text
  case
    when :P35_SORT = 1 then
      p_sql := p_sql || q'! order by trunc(g.reply_by_3), trunc(g.date_sub_3) nulls last !';
    when :P35_SORT = 2 then
      p_sql := p_sql || q'! order by trunc(g.date_sub_3), trunc(g.u_action_3) nulls last !';
    else
      null;
  end case;
  return replace(p_sql,'$',':');
end;
```
Checkboxes
PLSQL-generated SQL
Page process
Check-all checkbox
From Sergio Leunissen’s Blog
Grievance listing
Grievance listing
Filters = where clauses
Order by
Number of rows (item)
Large clickable area
Manual javascript pop-up link || text
Manual page link || text
Check all check box
Composite report column
Javascript on a Select List
Page Attributes
Page Item
Database-driven Javascript
```sql
declare
  p_java varchar2(4000);
  cursor c1 is select bu_id, bplate from gr_bu;
begin
  p_java := 'function insertBP(p_region_id) {var p_bu_id = document.getElementById("P8_BU_ID").value;';
  -- one if-statement per gr_bu row; bplate is placed between double quotes as stored
  for a1 in c1 loop
    p_java := p_java || chr(10) || 'if (p_bu_id == ' || a1.bu_id || ')' || chr(10) ||
              'document.getElementById("P8_BPLATE").value = "' || a1.bplate || '";';
  end loop;
  p_java := p_java || chr(10) || '}';
  -- the finished function is kept in an application level item
  :F168_BPLATE_JAVA := p_java;
end;
```
Javascript result

```javascript
function insertBP(p_region_id) {
  var p_bu_id = document.getElementById("P8_BU_ID").value;
  if (p_bu_id == 12)
    document.getElementById("P8_BPLATE").value = "This grievance is filed pursuant to the Interim agreements and 5 USC 7103 (a) (9). The Agency's actions constitute a violation of the Interim agreements between NATCA and the FAA, 5 USC Chapter 71, and all applicable laws, rules, regulations, and past practice. NOTE: Under protest, and as ordered by FAA management, this grievance is filed in accordance with the Imposed Working Rules (IWR).";
  if (p_bu_id == 13)
    document.getElementById("P8_BPLATE").value = "This grievance is filed pursuant to the Interim agreements and 5 USC 7103 (a) (9). ";
}
```
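
The generator above places each `bplate` value between double quotes exactly as stored, so a double quote, backslash or line break in the table data would end the string early and change the script. The following is an added example, not code from the presentation: the same page process with a hypothetical `js_literal` helper that escapes the text first. It assumes `bu_id` is numeric.

```sql
declare
  p_java varchar2(4000);

  -- Hypothetical helper (not from the slides): returns p_text as a quoted
  -- JavaScript string literal that is safe to embed in a script block.
  function js_literal(p_text in varchar2) return varchar2 is
    l varchar2(32767) := p_text;
  begin
    l := replace(l, '\', '\\');      -- backslash first, so later escapes are not doubled
    l := replace(l, '"', '\"');      -- would otherwise close the string
    l := replace(l, chr(13), '\r');  -- raw line breaks are not allowed in a JS string
    l := replace(l, chr(10), '\n');
    l := replace(l, '<', '\x3C');    -- keeps "</script>" in the data from ending the block
    return '"' || l || '"';
  end js_literal;
begin
  p_java := 'function insertBP(p_region_id) {' || chr(10) ||
            'var p_bu_id = document.getElementById("P8_BU_ID").value;';
  for a1 in (select bu_id, bplate from gr_bu) loop
    p_java := p_java || chr(10) ||
              'if (p_bu_id == ' || to_char(a1.bu_id) || ')' || chr(10) ||
              'document.getElementById("P8_BPLATE").value = ' ||
              js_literal(a1.bplate) || ';';
  end loop;
  p_java := p_java || chr(10) || '}';
  :F168_BPLATE_JAVA := p_java;
end;
```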
Custom tables: file storage
Users upload and download documents associated with each grievance. The process is analogous to a legal case.
Upload/download tables
The custom tables are tied to individual grievances by the primary key GRID.
Upload process
Upload: File size validation
A validation restricts the size of uploads.
Upload: File name validation
Javascript restricts the length of the file name. ApEx will not accept more than 78 characters.
Download report
Download link
Don’t forget!

```
SQL> grant execute on download_my_file to public
```
Session state protection
http://www.abc.net/pls/htmldb/f?p=168:34:470931357178041727::NO:::&cs=3A70EA7DD614FA61411D4DCACB75E481C
URL with checksum
Checksums in manual links

Original SQL:

```sql
'<a href="javascript:myPopUp(''f?p=&APP_ID.:9:' || :APP_SESSION || '::::P9_GRID:' || g.GRID || ''')">' || g.topic || '</a>' "Topic"
```

With session state protection:

```sql
'<a href="javascript:myPopUp(''' || htmldb_util.prepare_URL('f?p=&APP_ID.:9:' || :APP_SESSION || '::::P9_GRID:' || g.GRID) || ''')">' || g.topic || '</a>' "Topic"
```
Checksum in PLSQL region
Session state violation
Tampering with values in the URL produces this error message.
Security through branching
Automatic row processing
Automatic row processing includes optimistic locking.
But more advanced apps use manual processing.
Manual row processing
```sql
declare
  current_state varchar2(32);
begin
  -- recompute the checksum from the row as it is in the database now
  for c1 in (select * from grievance where grid = :P8_GRID) loop
    current_state := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5(
      input_string => c1.FAANUM||c1.GRIEVANT||c1.REP||c1.TOPIC||c1.ORAL));
  end loop;
  -- update only if the row still matches what was shown to the user
  if current_state = :P8_CHECKSUM then
    update grievance
       set faanum = :P8_FAANUM, rep = :P8_REP, topic = :P8_TOPIC, oral = :P8_ORAL
     where grid = :P8_GRID;
    :P8_RETURN_PAGE := 32;
  else
    :P8_RETURN_PAGE := 39;
  end if;
end;
```
:P8_CHECKSUM is calculated when the page is rendered. If it changes, the update does not execute.
Optimistic locking error
When the checksums do not agree, conditional processing prevents the update and conditional branching takes the user to this page.
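
An added example, not from the presentation, that goes one step beyond the slide: it shows both halves of the manual check, with the checksum defined once in a hypothetical function `grievance_checksum`, a separator between the hashed fields, and the row locked before the comparison. The three parts are a stored function and two page 8 processes; the hashed columns are assumed to be character columns.

```sql
-- 1. Stored function (hypothetical name): the only place the checksum is defined,
--    so the value stored at render time and the value recomputed on submit match.
create or replace function grievance_checksum(p_grid in number) return varchar2 is
  l_state varchar2(32);
begin
  for c1 in (select faanum, grievant, rep, topic, oral
               from grievance
              where grid = p_grid) loop
    -- chr(1) separates the fields; plain concatenation hashes 'AB'||'C'
    -- and 'A'||'BC' to the same value and would miss that change
    l_state := rawtohex(utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5(
                 input_string => c1.faanum || chr(1) || c1.grievant || chr(1) ||
                                 c1.rep || chr(1) || c1.topic || chr(1) || c1.oral)));
  end loop;
  return l_state;  -- null if the row does not exist
end grievance_checksum;
/

-- 2. Page 8 process that runs when the page is rendered:
begin
  :P8_CHECKSUM := grievance_checksum(:P8_GRID);
end;
/

-- 3. Page 8 process that runs on submit:
declare
  l_grid grievance.grid%type;
begin
  -- lock the row so it cannot change between the comparison and the update
  select grid into l_grid from grievance where grid = :P8_GRID for update;
  if grievance_checksum(:P8_GRID) = :P8_CHECKSUM then
    update grievance
       set faanum = :P8_FAANUM, rep = :P8_REP, topic = :P8_TOPIC, oral = :P8_ORAL
     where grid = :P8_GRID;
    :P8_RETURN_PAGE := 32;   -- checksums agree: update applied
  else
    :P8_RETURN_PAGE := 39;   -- checksums differ: no update
  end if;
exception
  when no_data_found then
    :P8_RETURN_PAGE := 39;   -- row was deleted after the page was rendered
end;
/
```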
Application level items
Page item names are visible in the HTML source
The names of application level items are not, making them more difficult to tamper with
Using application level items
LOGIN PROCESS
…

```sql
case
  when p_sec_lev = 1 then
    :F134_HEADER := :F134_HEADER || 'FacRep Level';
  when p_sec_lev = 2 then
    :F134_HEADER := :F134_HEADER || 'RVP Level';
  else
    null;
end case;
```
User activity
or
select * from htmldb_activity_log
Integrating apps
Internal message board
Build or borrow a message board application, customize it and integrate it into all of your apps for an internal message board/knowledge base.
Application Express skill set
Thank you!
For more information: Bill Holtzman