Welcome to the Beyond Blog

As you'd expect from the winners of the Specialized Partner of the Year: Business Analytics at the Oracle UKI Specialized Partner Awards 2014, Beyond work with leading edge BI Applications primarily within the UK Public Sector. We intend to share some of our ideas and discoveries via our blog and hopefully enrich the wider discussion surrounding Oracle Business Intelligence and driving improved insight for customers.


Oracle APEX Exploitation - Part 1

I decided to write a short series of posts detailing some different mechanisms that a malicious user may use to "attack" an application written in Oracle Application Express (Apex). Note: "attack" is used loosely here in that it is more of "making the application perform in a way it was not intended". These posts are not intended to be instructional, more they are intended to assist the developer in ensuring their applications are written to a standard which protects against such attacks. It should be noted from the outset that none of the techniques illustrated imply there is a security issue with Apex - Apex is secure for all intents and purposes - any security vulnerabilities are 99%+ of the time due to the developer not implementing appropriate defences. Some of them are quite obvious, however some may not be so. I won't be using any fancy tools - just a browser with developer plugins.
I'll try to explain a problem under a number of headings.

  • The mechanism of the attack
  • The implications
  • How to defend against it

It of course goes without saying that all liability is relinquished - anything you do to your own (or others') applications is entirely at your own risk.

I am using a sandpit application on apex.oracle.com to demonstrate, which can be accessed here.
So with that said, the first thing I'd like to show is by far the most simple - URL Parameter Modification. I'll then work through more complex and intricate attacks in subsequent posts.

Tagged in: APEX

A while back I created a post describing how to produce an organization chart in Oracle APEX using Google visualizations. If you didn't catch that then go and take a look here first before reading on as it will provide the background reading to this post.

So in this post I am going to demo how we can do this in OBIEE - and it's actually quite easy because OBIEE has already done a lot of the work for us.

First we need a level based hierarchy (or even just a representation of a hierarchy as levels across columns). This is how all BI Applications hierarchies are implemented, for example the organization and position hierarchies. I am going to use SampleApp with the "Sample Sales"."Offices" hierarchy.

[Figure: Columns]

Then we simply select all the columns in our hierarchy into a simple analytic. As we have multiple top level nodes I have applied a filter to restrict to just one company, however this isn't necessary - if you have multiple top level nodes then you simply get multiple trees.

[Figure: Analytic]

If we use the default Table view then we see something like this. Note I have changed the column order in this view simply to make the hierarchy structure clearer.

[Figure: Table Results]

Tagged in: OBIEE Oracle BI 12c

DV Desktop v2 has been on general release now for a week or so and I highly recommend the following Oracle video to see some of the new functionality:

https://www.youtube.com/user/OracleBITechDemos/videos

There's a lot to like about this release - the hugely enhanced connectivity and workflow for example, but one thing I haven't seen many people talking about yet is the SDK or the ability to use plugins to add new content; here's a quick way of doing this.

1) Go to the Oracle BI Public store


2) Select a plugin and download it. Note that you DO NOT UNZIP the file and also you will need to create the /plugin directory. By default on Windows your %LOCALAPPDATA% directory is hidden so you'll probably need to unhide it to find it!


3) Voilà - the new visualisation is available for use; here I have tweaked the setup of the dials and used them in my application.


...any questions ... please ask.


We've been working with a number of customers who want to see context specific charts/graphs displayed when the mouse rolls over values in a table, rather than having to drill. In order to show an example of this rather slick approach we have created a 30 second video as a demonstration.

Please have a look here: https://www.youtube.com/watch?v=bZHzcMmLkLw

 


I wanted to write this as an introduction to combining data from multiple facts/subject areas into a single analytic. The post is aimed primarily at end-users as there are developer techniques we can use to circumvent some of the restrictions described below.
Let us first refresh ourselves with what a subject area actually is. In its most basic form it is simply a fact with associated dimensions. Consider the following simplified example for a financial fact.

[Figure: Financial Star Schema]

So we can easily report on financial transactions by any of the four dimensions listed.
Now let's suppose we have a completely separate subject area based on some HR Salary information.

[Figure: Human Resources Star Schema]

Again, we can use that star in isolation however we wish. However... what if our user decides that they would like to report on the monthly spend alongside the monthly salary cost?
Without considering any dimensions this works fine - we can simply include the measure from each fact. The difficulty comes when we want to include dimensions - the key rule being this:
You can only report on measures from multiple facts where all dimensions that are used in the analytic are shared.
So let's look at those two facts together.

[Figure: Combined Star Schema]

Tagged in: Analytics OBIEE