Session State Protection Levels - Oracle Application Express 18

Session State Protection Levels

Question

Martin has a text field on a page that he wants to protect with Session State Protection.

Select the four valid protection levels available to Martin.

(Choose four.)

Answers

Explanations

A. B. C. D. E. F. G.

AFGH.

https://docs.oracle.com/database/121/HTMDB/sec_dev.htm#HTMDB25976

Oracle Application Express (APEX) provides session state protection to protect against cross-site request forgery (CSRF) attacks. CSRF attacks occur when an attacker tricks a user into performing an unintended action on a web application. To prevent CSRF attacks, APEX provides different levels of protection.

The four valid protection levels available to Martin are:

A. Checksum Required: User Level - This option requires a checksum to be included in the page submission request. The checksum is specific to the user and ensures that the page submission originates from the same user who requested the page. This option is useful when the page contains sensitive information.

C. Checksum Required: Workspace Level - This option requires a checksum to be included in the page submission request. The checksum is specific to the workspace and ensures that the page submission originates from the same workspace that the user is currently in. This option is useful when the page contains workspace-specific information.

F. Checksum Required: Session Level - This option requires a checksum to be included in the page submission request. The checksum is specific to the session and ensures that the page submission originates from the same session that the user is currently in. This option is useful when the page contains session-specific information.

H. Checksum Required: Application Level - This option requires a checksum to be included in the page submission request. The checksum is specific to the application and ensures that the page submission originates from the same application that the user is currently in. This option is useful when the page contains application-specific information.

B. Hidden Item - This option is not a protection level but a way to store a value in a page item that is not visible to the user. It is useful for storing information that needs to be submitted with the page but should not be visible to the user.

D. Unrestricted - This option is not a protection level and means that there is no protection applied to the page item. This option is not recommended for sensitive information.

E. Checksum Not Required - This option is not a protection level and means that no checksum is required for the page submission. This option is not recommended for sensitive information.

G. Restricted: May not be set from browser - This option is not a protection level and means that the page item cannot be set from the browser using JavaScript or other means. This option is useful for preventing user tampering with the page item.

In summary, Martin can choose any combination of the four valid protection levels to protect his text field, depending on the sensitivity and scope of the information stored in the page item.