Roels Blog

After some thought, I decided I will be running for the ODTUG Board of Directors this year. I have been attending Kscope since 2008 (New Orleans). Presented at Kscope and APEXPosed since 2009. Did a few webinars. Was a member of the APEX Content Team for Kscope12 and 13. And now I am the Content Lead for the APEX track for KScope14 and Kscope15. So I like spending my free time for ODTUG, to keep Kscope the best conference out there. But ODTUG is more than Kscope. And I would love to add my time, expertise and network to ODTUG in order to do more. So that's why I am running for the Board. But it seems I am not the only one running.... As for four positions, there are 24 nominations. Twenty-four! That means the changes are slim, but it shows how vivid ODTUG is. Most organisations that run on volunteers have a hard time filling these kind of positions. ODTUG doesn't. I don't have a full list of names, but I now know about six of them. And they are all well known persons and

Yesterday the first ORCLAPEX-NL Meetup was held. Finally. We seemed to be a little behind other locations - but pretty sure we'll catch up quickly! After (a lot of) great pizza - kindly sponsored by smart4apex - and a round of introduction of every attendee, Richard kicked off the meeting by explaining the concept of these kinds of meetups. He also gave a nice review of his first experience of Kscope during Kscope14. The weather was summer like outside - but the real die-hards were listening and discussing inside .... ... where Dick explained the limitations and challenges of developing web applications for smart phones. During the Open Mic Night part of the evening, Steven showed a very nice APEX Web Application developed for mobile devices. The user interface looked very good and the flow was very well thought through. And it uses some very neat features like Local Database Storage and WebWorkers to temporarily storage pictures and send them over the wire when

Yesterday I attended the first ORCLAPEX-BE Meetup. Very well organised by Dimitri and Roeland. Remarkable fact: I was not the only "foreigner" as around 30 - 40% of the - around 16 - attendees where Dutch! So Meetups can even easily cross borders ... So after some initial socialising....  ... ... Roeland explained the concept of these kind of meetups. In the next hour Dimitri went over all the great new features of APEX5, like Page Designer, Modal Pages, Syntax Highlighter etc. Then there was plenty of pizza (and more socialising). And then I went over the smaller - but nevertheless cool - features of APEX5 (as described in earlier blogposts). Alas I had to leave after my presentation - looking at an almost 3 hour drive back home. But I know that the last 20 minutes or so where filled with two "Open Mic Night"-style demo's. I think all attendees had a good time. I really like the concept: relaxed networking, some pre

It is still a long time before Kscope15. But if I look at the website .... I can hardly wait!  A good conference needs a good time for preparation. An awesome conference .... needs even more time. So that's why we need your abstracts a.s.a.p. After the close every member of the review committee will go over every abstract and will give it a rating and a comment. When that's all done, the committee will have a number of (virtual) meetings to select the best abstracts and create the stunning program you expect from Kscope. And last but not least the schedule for the event has to be created where everything falls into it's place ... So we really do need some time after October 15! But what are we looking for - and this only applies to the Oracle Application Express track as every track has it's own "wish list"...you can see that when you enter your abstract in the Sub Category field. We split it up into these six: Integration : We often see that it is

Earlier this year Dan McGhan - inspired by local JavaScript meetups - started the first Oracle APEX Meetup. Since then it has gone viral. As you can see on  ApexMeetups  the meetups are more or less global nowadays! And even in The Netherlands we will officially join this virtual group and have our first ORCLAPEX Meetup on Thursday September 18. The location is central and well known: The Dutch Oracle HQ alongside the A2 highway. Thanks Oracle for providing the accommodation! From 6PM onwards you can come in and join the group with a slice of pizza and a soda. As usual with these meetups, the structure of the meeting is more or less free format. The most important goal is to meet and greet fellow APEX Developers. We will have one or two (short) presentations: One about the concept of these Meetups - to set everyone's expectations - some and one about using Angular JS for mobile APEX development. If you want to share your experiences, questions knowledge etc : this is the place

The last two weeks I wrote a daily blogpost about a new feature in APEX 5. And intentionally I didn't cover the "big" features, like the new Page Designer, the Modal Pages, the Universal Theme etc as these probably are - or will be - covered by other people. So in my 10 blogposts I covered " Ten Tiny Things " ...  For those who missed it - all or parts of it - herewith a list of subjects with the links: Calendar Supporting Objects Column Link Developer Preferences Password Reset Runtime API Lockdown Substitution Syntax Authorization Evaluation Points Packages / API's Static Files I hope you liked it!

In APEX 4 you could upload files - like CSS files, JavaScript files, Images and whatever else you like - into the APEX Repository. When you navigate to Shared Components, there is a Files section that offers three different options: CSS Files are always uploaded (and changed !) for the whole Workspace. For Images and Static Files (usually JavaScript) you could choose whether they should be available for the whole Workspace or for a specific Application only. And if you had a lot of files - e.g. a lot of images - then you had to go through the upload process one-by-one. But that's usually a one time only thing. If you make changes to the CSS and JavaScript files - and that's a continuous process in development - then you had to delete the existing file and upload the new one. Over and over again. And meanwhile fighting the cache of the webserver and your browser.  And another irritating issue: You couldn't use relative references in your CSS or JavaScript files as th

To get a proper list of the new packages and API's APEX 5 provides us, we have to wait for the documentation of course. But if you're impatient and want to now more, you can get a list of all package procedures and functions by running this SQL on the APEX 5 Early Adopter instance: select distinct s.synonym_name, p.procedure_name from all_procedures p join all_synonyms s on p.object_name = s.table_name where p.owner like 'APEX%'   and s.synonym_name like 'APEX%' order by 1, 2; You'll get a list of over 700 procedures/functions. Most should look familiar. But there are some new kids on the block like : APEX_JSON , APEX_SPATIAL and APEX_ZIP . You can examine the ALL_SOURCE view to get more insight by looking at the parameters and the examples in the comments. The APEX_ZIP package is - according to the comments in the package - based on the work of Anton Scheffer (see this blog post ). The functions / procedures can be used to zip and

In APEX 4 you can define Authorization Schemes. This is a very useful feature to prevent code repetition all over the place. For instance and Authorization Scheme "Is Admin" might use a select on one or more tables (or web service calls or whatever is necessary) to determine whether a user, the :APP_USER, has an Admin role or not. And you can use any value in session state, like :APP_ID or :APP_PAGE_ID in your query (or function call). The result of this call is usually pretty static. So you could specify when the code should be evaluated: Once per Page View or Once per Session. The latter is obviously more efficient as it will run only once from login to logout. This works fine. Until you want to build your own fine-grained access control mechanism. As an example: If you have a page with three buttons on it, you can define an Authorization Scheme for this buttons and use that. So all three buttons use the same Authorization Scheme and are all visible on the page or not.

You've probably all heard about XSS, a.k.a. Cross Site Scripting . One of the ways you make yourself vulnerable to XSS is by creating JavaScript in your APEX applications that accepts unescaped user input - either direct or data retrieved from the database. As a - very stupid and simple - example, create a Page with a Text Item (say P3_TEXT).  Next create a Dynamic Action that executes this snippet of Javascript on Page Load : alert("You entered &P3_TEXT.") When you now enter some text like "Hello world" and submit the page, the response is an alert box with " You entered Hello world ". But now enter something like: the dark world");window.open("http://www.google.com This looks like half a piece of code - and in fact it is. It is completed by the (other) Javascript snippet that's using this snippet as input. Now you get an alert saying " You entered the dark world " and an extra window is opened showing t

In APEX 4.x the developer could implement a feature that involves a call to the APEX API. E.g. you could create new pages on the fly if you would like to (just examine an export file for the how-to). You could drop an application using a procedure from the APEX_INSTANCE_ADMIN package. You could drop a user using APEX_UTIL.REMOVE_USER . If this is all on purpose and secured than that's fine. But maybe you created some opportunities for SQL Injection ... and someone else could use that technique to call those very same procedures. So the bad guy (or girl) could drop your application - or maybe even worse : could create a user and give himself full access to everything! Of course you should prevent that from happening by fixing the SQL Injection holes. But next to that: You can prevent that your application uses those API's at all! And in APEX 5 that's even the default setting. So you're safe by default ;-) But assume you really need access to those API's, there