Oracle Application Express 5: Developing Web Applications — Question 14

Sunny has developed a report and form on CUSTOMERS, which is open to partners. The report displays only customers associated with partners, based on their user credentials. Partners can click an Edit button to go to a form page to update their customers. Sunny is concerned that IT savvy users will be able to alter the
URL to be able to see and update records from other partners.
What must Sunny do to protect the form page from URL tampering?

Answer options

• A. Update Page Access Protection to Arguments Must Have Checksum
• B. Set Authentication to Administration Rights
• C. Set Rejoin Sessions to Disabled
• D. Set Deep Linking to Disabled
• E. Update Page Access Protection to No URL Access

Correct answer: E

Explanation

The correct answer is E because updating Page Access Protection to No URL Access will prevent unauthorized users from accessing the form page through manipulated URLs. The other options do not adequately prevent URL tampering; for example, setting authentication levels or disabling deep linking does not stop users from altering URLs to gain access to sensitive data.