session state management of APEX is always a headache topic for me. I always have to re-read this topic every few months :-)
@Superdooperhero
3 жыл бұрын
Not sure about the fix. Surely passing the ids is similarly or even less secure than having them in session state. Or is it just that the state can be hacked when you know some of the values that are in there?
@antonnielsen7630
3 жыл бұрын
A couple thoughts on passing IDs on the URL...first, everyone should step away from using sequences or identity columns as primary keys (IDs) and use some form of guid. I prefer my own custom function for this, but sys.guid is a good option. More importantly, though, with session state protection enabled, APEX automatically adds a checksum to the URL, so you can’t tamper with it, making it quite secure. Thoughts?
Пікірлер: 3