Monday, 4 July 2016

KScope2016 - ODTUG

Summary of sessions

What I liked the most?

Conference is over and it is nice to be back home. 


This is a brief post on what happened last week, with the notes I took while my thoughts are still fresh. 

Please note that in each time slot there were 3 sessions running in parallel, which made planning hard. These are notes from the ones I attended.



Let's start with Sunday symposium:
Shakeeb was first to go, with a great little intro to the UI changes coming with APEX 5.1.
100+ UI improvements that can easily slip under the radar:
  • button builder by example
  • default label column template set now to span 2 columns
  • APEX font extension on top of Font-awesome library for sharper and more modern application icons that will be kept up to date by the Team
  • Inline help text
  • Quick edit and live template options that allow us to see changes in real time before saving them
  • right to left support by switching an option
  • migration from 5.0 to 5.1 made as simple as possible - using the Verify function, together with changing the reference to the new APEX font library and reapplying any old custom Theme Roller theme
Followed by Marc Sewtz presentation on Page designer and Charts.
Patrick Wolf - Interactive Grid 5.1
  • ability to enable/disable it from the code
  • conditional entering while in edit mode only
  • new Reload Page on Submit process
  • multiple file upload support
  • file type filter for files being uploaded
  • changes to yes/no item type
  • ability to set status of application unavailability from PL/SQL
  • new admin read only workspace instance role
  • remote debugging
  • regardless of IG, 5.1 will finally create a new session if a page is opened in a new tab
Day 2 
Started with Martin's presentation on Open source and APEX.
Excellent overview on available OraOpenSource projects and some must have features for every APEX project.
  • Logger
  • PL/SQL mark up tool for documentation
  • OXAR - prebuilt APEX DEV environment
  • APEX-SERT
  • OOS utils   
Karen's IR reporting Guts and performance overview
  • how to tweak and optimize run of your reports
  • tune your real SQL
  • tune returned query using indexes
  • train your users how to use it
  • max row count has biggest impact as it changes query execution plans
  • restrict max rows for large tables
  • if download all rows needed provide separate functionality for this
  • avoid x to y of z - if needed provide info separately of number of rows
  • use IR_QUERY API to get number of rows for this view
  • use LOV for filtered columns as initial LOV gets only 1000 rows or so     
  • column filter options: none at all, exact match and name contains
  • if none of this works try pipelined functions
Anton Nielsen - Exploiting power of database
  • ORACLE_TEXT with ability to search content of files stored as blob
  • stemming and search for plural words
  • fuzzy logic and about options
  • q operator for quoting all queries syntax used
  • importance of SQL analytics, bringing performance benefits
  • OWA package 
  • ORD_IMAGE multimedia objects that can read image, date information, resize
  • Resource manager - manage how much influence can each app have down to user or app level
  • utl_http
  • apex_ldap
  • external tables
  • dbms_crypto
  • 12c approximate count over exact count performance benefit        

Followed by Dimitri's presentation on Real Application Security, enterprise tool providing another security layer and protection to your data and application. 

Closed with Jorge Rimblas with his application on Classic report templates and Oliver Lemm's APEX and JIRA implementation.

Day 3

Started with APEX and Handlebars by Marko G. Excellent way to improve report performance using customized templates that get injected with JSON. Very impressive and highly useful demonstration of upcoming technology.

John Scott - automated testing
  • nodeJS and nightmare.js, phantom.js libraries to create test cases
  • maximizing results with less manual effort
  • interesting alternatives to Selenium and other classic automated testing tools
Followed by another great security presentation by RECX team.
  • 96% apps have access control issues
  • problematic are hidden items, page access and htp.p 
  • already known report template issue when using #COLUMN# substitutions
  • make sure to sanitize the data during the input
  • use #COLUMN#!JS escaping functions
  • look for htp.p calls that concatenate 'text ' || :P1_ITEM and use APEX_ESCAPE.html()
  • look for execute immediate into variable
  • when printing on exception also encode your variables
  • when using htp.p use appropriate escaping function
  • for example if data is JSON use APEX_ESCAPE.JSON function
  • be aware of functions returning SQL query with where clause that uses || :P2_ITEM
  • do not concatenate || :P_ITEM; always keep it inside a string enclosed with ''
  • always review your code among team 
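The RECX points above written out as code. This is an added example, not code from the post or from the RECX presentation: one anonymous PL/SQL block, as it would sit in a page process or PL/SQL region, writes the same untrusted item value into four output contexts with the matching APEX_ESCAPE function, and the exception branch escapes too; after it comes the "function body returning SQL query" pattern with a bind in place of concatenation. The item names P1_ITEM and P2_ITEM, the EMP_NOTES table and its columns are assumptions made for illustration.

```sql
-- Added example; not code from the post or from the RECX presentation.
-- Runs as an APEX page process or PL/SQL region source, where :P1_ITEM
-- is a bind to the page item. EMP_NOTES and its columns are made up.
declare
  l_name varchar2(4000) := :P1_ITEM;   -- untrusted: it came from the browser
begin
  -- HTML text context. The form flagged in the talk is
  --   sys.htp.p('<div class="note">Hello ' || :P1_ITEM || '</div>');
  -- which renders any markup inside the value as markup.
  sys.htp.p('<div class="note">Hello ' || apex_escape.html(l_name) || '</div>');

  -- HTML attribute context: same function, value kept inside the quotes.
  sys.htp.p('<input type="text" name="who" value="'
            || apex_escape.html(l_name) || '">');

  -- JavaScript string literal context: js_literal adds the quotes itself
  -- and escapes the characters that would otherwise end the literal.
  sys.htp.p('<script>var who = ' || apex_escape.js_literal(l_name)
            || ';</script>');

  -- JSON context (a region that answers an AJAX call): the value is a JSON
  -- string, so escape for JSON, not for HTML.
  sys.htp.p('{"who":"' || apex_escape.json(l_name) || '"}');
exception
  when others then
    -- The error path is still an output context: escape what you echo and
    -- send the detail to the debug log rather than to the page.
    apex_debug.error('note region failed: ' || sqlerrm);
    sys.htp.p('<p class="error">Could not render the note for '
              || apex_escape.html(l_name) || '</p>');
end;
/

-- Region source of type "PL/SQL Function Body returning SQL Query".
-- Flagged form, the item spliced into the SQL text:
--   return 'select id, note from emp_notes where author = ''' || :P2_ITEM || '''';
-- Keep the item as a bind inside the text; APEX binds it when the report runs.
return 'select id, note from emp_notes where author = :P2_ITEM';
```

The one rule behind all five cases: pick the escaping function by the context the value lands in (HTML, attribute, JavaScript, JSON, SQL), never by where the value came from.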
Adrian showed us power of semantics in modern browsers. 

Day ended with another high-tech presentation by Dimitri G. on service workers. A technology that promises, and potentially presents, the future of modern apps: the ability to provide caching and an offline experience for end users, background synchronization and application messaging even when the browser is not open. 

Day 4

Single sign-on using Kerberos by Niels de Bruijn from the MT-AG team, where he highlighted the advantages of this approach over classic LDAP. There is a white paper available on this with all the related details.

APEX and affordable workflow options by Niels - the Camunda tool, with commercial and community editions. Excellent presentation on how to utilize and implement workflow processes using APEX applications. It can run on Tomcat and comes with a cockpit Java application; all metadata can be installed in the Oracle DB, with a web service to move the flows around. Very well received by the audience and a very intriguing solution in my personal opinion.

Among others would like to mention Slavica's presentation on Accessibility where she clearly outlined the importance of making your apps follow latest standards and recommendations. 

Day was closed by the RECX team and their CCS attacks security overview. Notes:
  • www_flow.show?p_flow_id=4500&p_flow_step_id=10000 - make sure this cannot be reached by external ONLINE USERS
  • moving the application access policy to ORDS
  • secure ORDS to only allow APEX based functions by creating the security.inclusionList parameter with apex_, p, v, f, www_flow and not allowing any public procedures
  • have another ORDS for internal and public applications
  • if you need to run public procedures, put them on the page before header with an apex_stop_engine call;
  • on the workspace instance..... only allow Allow Hostnames: www.xxxx.co.uk
  • return an HTTP 400 error instead of the error message under unhandled exceptions for online apps, as sometimes they return information about columns and tables which is DB related
  • monitor your apex_workspace_activity_log and apex_workspace_access_log 
  • never allow production workspace login for developers, as an attacker can reuse the session, check if the user is a developer and use that session for further attacks
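Two monitoring queries for the last two notes, added here as an example and not part of the post or the RECX talk. They read the two APEX dictionary views the notes name; the column names and the 'AUTH_SUCCESS' result value are as I know them from APEX 5 and should be checked against your own release (that part is an assumption), and the thresholds are arbitrary starting points.

```sql
-- Added example, not from the post or from the RECX presentation.
-- Column names and the AUTH_SUCCESS value follow the APEX 5 dictionary
-- views (assumption: verify against your release before scheduling this).

-- 1. Failed workspace/application logins per login name and source
--    address over the last day. A burst from one address against many
--    names, or many addresses against one name, is the pattern to alert on.
select login_name,
       ip_address,
       count(*)          as failures,
       min(access_date)  as first_seen,
       max(access_date)  as last_seen
  from apex_workspace_access_log
 where authentication_result <> 'AUTH_SUCCESS'
   and access_date > sysdate - 1
 group by login_name, ip_address
having count(*) >= 10
 order by failures desc;

-- 2. Page requests that ended in an unhandled error over the last day.
--    The raw ERROR_MESSAGE is the text that leaks table and column names
--    when it reaches an end user, so this also lists which pages need
--    the generic error handling the talk recommends.
select application_id,
       page_id,
       apex_user,
       ip_address,
       count(*)            as errors,
       max(error_message)  as sample_error
  from apex_workspace_activity_log
 where error_message is not null
   and view_date > sysdate - 1
 group by application_id, page_id, apex_user, ip_address
 order by errors desc;
```

Both views only hold what the instance-level logging keeps, so check the log retention settings in INTERNAL before relying on a one-day window.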
All in all something for everyone to learn and above all to have fun.

What I can add to this: if you happen to have the opportunity to visit Chicago, please do so. The city is really nice, people are kind and friendly, and it offers quite a few interesting sights like The Loop, Millennium Park, the Bean, the lake front, a river cruise and Navy Pier.

Thank you to ODTUG, the presenters, the great #orclapex community and the awesome city of Chicago - looking forward to next year and San Antonio.

Regards,
SLino

3 comments:

  1. Hello Lino.

    Excellent descriptive post.

    I need a bit of help from you.

    I need to implement an "Inline help text" on a Text Field in the news features of APEX 5.1

    Can you give me some example code?

    Thanks in advance.

    Best regards.

    Joaquin. From Argentina

  2. Thanks Joaquin, not sure what you mean by "news features in 5.1". Do you have a demo on apexea.oracle.com so that I could have a look? Also have a look at apex.world > plugin section; there are quite a few handy alert implementations that might help. Thanks Lino :)

  3. Thanks Lino for answering my question.
    In this post, under the title "100+ UI improvements that can easily slip under the radar" of Shakeeb's presentation, the bulleted list item "Inline help text", previously mentioned.
    I added a .jpg file in this location, with a description of my doubts about the subject:

    https://onedrive.live.com/?id=3AB3E75F4A65ED71%21105&cid=3AB3E75F4A65ED71

    I think that your examples in apex.world > plugin > APEX Tooltip, maybe it seems like new feature "Inline help text" of APEX 5.1.
    Amazing examples demos on apexea.oracle.com.
    Thanks in advance for your help.
    Joaquin.
