Monday 6 March 2023

Let's talk Oracle APEX Security - APEX SERT

APEX SERT installation notes

How to start using APEX SERT?

This time we will take a look at how to get APEX SERT installed and running. 

In its essence it should only come own to one script and you are ready to start using it.

If you downloaded installation scripts regardless of what version of APEX you are on you have be be aware that these versions must match each other. 

Meaning if you are running APEX 21.2 then you should install APEX SERT 21.2 and not any other. Why is this we will come to it later on? Point is that SERT simply will not run. Of course there is a way to tweak things and make it work but I am guessing we do not want lose time and want to get things going. 

Lets look at installation and how easiest to do this?

Download matching SERT version and unzip it somewhere. Find and open ins_auto_setup.sql 

This is the script I would recommend you to use, the only difference from ins.sql is that it will not prompt you anything so you can run it as one click install. At least that was the idea. 

In here you will notice this section

which is trying to explain all parameters we can provide as an input. Most are self explanatory.

There is a section with a basic example how you could call this script 

If you closer it will require of you to provide a sysadmin password, why is this? 

It will as part of the installation try to create users with a special access to some of APEX internal tables. In order to do this it needs to have admin privilege otherwise it would not work. Is this the best way to go or not is now out of scope for this blog post. ;)

Last section we need to be aware of is this one

As you can see here there are references to APEX versions etc.... 

Okay now you should be ready to install APEX SERT. If you execute the script and it all works for you should get few new schemas installed. 

Looking at them in top to bottom order.... 

  • SV_SERT_XXXXXX is a schema is the brain and all what APEX SERT does. All configs and everything is stored here in its tables
  • SV_SERT_APEX is a layer that has read access to SV_SERT_XXXXXX schema
  • SV_SERT_LAUNCHER is a special schema that holds up a REST API call which will actually start your APEX SERT application

With this quick fly-through of how installation looks like we can start scanning our apps for any security wholes. 

We will look at the first APEX SERT run in the next post.

Happy APEXing,


No comments:

Post a Comment