Oracle HTTP Server uses the mod_plsql plug-in to communicate with the Oracle Application Express engine within the Oracle database. mod_plsql functions as a communication broker between the Web server and the Oracle Application Express engine in the Oracle database.
Each mod_plsql request is associated with a set of configuration values used to access the database, called a Database Access Descriptor (DAD). mod_plsql provides a DAD parameter called PlsqlRequestValidationFunction that enables you to allow or disallow further processing of a requested procedure. You can use this parameter to implement tighter security for your PL/SQL application by blocking package and procedure calls that should not be allowed to run from the DAD. Oracle recommends a DAD configuration for Oracle Application Express that uses the PlsqlRequestValidationFunction directive with a value of wwv_flow_epg_include_modules.authorize.
The purpose of the PlsqlRequestValidationFunction parameter is to control which procedures can be invoked through mod_plsql. By default, the only procedures permitted are the public entry points of Oracle Application Express. This can be extended using the validation functions shipped with Oracle Application Express. To learn more, see "Restricting Access to Oracle Application Express" in Oracle Application Express Administration Guide.
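The following is an added example, not part of the Oracle documentation: a small Python audit that reads DAD definitions and reports every mod_plsql DAD whose PlsqlRequestValidationFunction is missing or differs from the recommended value. The sample configuration, its paths and the audit_dads helper are constructed for illustration.

```python
import re

# Value Oracle recommends for Oracle Application Express DADs (from the text above).
RECOMMENDED = "wwv_flow_epg_include_modules.authorize"

# Constructed sample DAD configuration; paths and user name are illustrative.
SAMPLE_CONF = """\
<Location /pls/apex>
  SetHandler pls_handler
  PlsqlDatabaseUsername APEX_PUBLIC_USER
  PlsqlRequestValidationFunction wwv_flow_epg_include_modules.authorize
</Location>
<Location /pls/legacy>
  SetHandler pls_handler
  PlsqlDatabaseUsername APEX_PUBLIC_USER
  # PlsqlRequestValidationFunction wwv_flow_epg_include_modules.authorize
</Location>
<Location /static>
  SetHandler default-handler
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+(\S+)>(.*?)</Location>", re.S | re.I)

def audit_dads(conf_text):
    """Return {dad_path: finding} for every mod_plsql DAD in conf_text."""
    findings = {}
    for path, body in LOCATION_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):  # commented-out lines do not count
                continue
            parts = line.split(None, 1)
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        if directives.get("sethandler", "").lower() != "pls_handler":
            continue  # not served by mod_plsql, so not a DAD
        func = directives.get("plsqlrequestvalidationfunction")
        if func is None:
            findings[path] = "missing"
        elif func.lower() != RECOMMENDED:
            findings[path] = "review: " + func  # custom function, check by hand
        else:
            findings[path] = "ok"
    return findings

if __name__ == "__main__":
    for dad, status in audit_dads(SAMPLE_CONF).items():
        print(dad, status)
```

A "review" finding is not necessarily a fault, since the validation function can legitimately be replaced; it marks a DAD whose function should be inspected.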