Securing Oracle Application Express for administrators
Oracle Application Express is secure, but developers can make it insecure.
Protecting the database environment
Oracle Application Express runs in the database, so the database environment needs to be protected.
Follow the principle of least privilege, so a user only has access to the resources required. Lock or remove unused users. Use sensible passwords, and do not use the same password for SYS and SYSTEM.
Note
This document provides a checklist for security in the Oracle database
Document # 131752.1: Security Checklist at the My Oracle Support website.
The best way to secure data in your APEX application, or any application, is to secure your data in the database. You can do this by using Oracle's Virtual Private Database.
