Skip to Main Content
Feature Request FR-3256
Product Area Security
Status OPEN

36 Voters

Enhanced Email Security with S/MIME and Certificate Support

dirk_strack Public · Jul 7 2023

Idea Summary
Implementing S/MIME support in Oracle APEX would enhance email security for developers. S/MIME enables encryption and digital signatures for emails, ensuring authenticity, integrity, and confidentiality. This feature would provide a secure communication channel within Oracle APEX, allowing developers to exchange sensitive information confidently.

Use Case
Secure Communication: Developers can use S/MIME to securely exchange sensitive data, such as financial information, personal data, or confidential business communications, within Oracle APEX applications.
Compliance: Organizations with regulatory requirements, such as HIPAA or GDPR, can leverage S/MIME to ensure email communication adheres to data protection and privacy standards.
Trust Building: S/MIME allows developers to establish trust with recipients by verifying the authenticity and integrity of emails, reducing the risk of phishing attacks or email spoofing.
 

Preferred Solution (Optional)
To implement S/MIME support in Oracle APEX, the following steps could be considered:

Integration: Integrate S/MIME libraries or APIs into the APEX environment to handle encryption and digital signatures.
Configuration: Provide a user-friendly interface within APEX to manage S/MIME certificates, including importing, generating, and revoking certificates.
Email Processing: Enhance the APEX_MAIL PL/SQL API to include functions for sending and receiving S/MIME-encoded emails.
Documentation and Examples: Provide documentation and code examples to guide developers on configuring and utilizing S/MIME features effectively.
By implementing S/MIME support, Oracle APEX will enable users to communicate securely and foster trust within their applications, enhancing the overall security posture of the platform.

This idea is open.

Comments

Comments

  • asp OP 1.8 years ago

    We've made a commercial package that implements APEX_MAIL like API with support for both encrypted and signed S/MIME emails.

    You can take a glance at it here.

  • j_schuster OP 1.7 years ago

    Very important feature, in real companies we need to sign and encrypt mails. So instead of thinking how to polish the Faceted Search finger nails, give us real features we really need and would be a game changer 😉

  • christoph.figgener OP 1.7 years ago

    @asp We tried out your API for signed and encrypted S/MIME emails. 
    It is very useful to prevent extra UTL_SMTP coding. But we miss the standard APEX_MAIL queue functionality which is available by Oracle when sending emails without signing or encrypting.

  • asp OP 1.7 years ago

    @christoph.figgener Yeah, we have though about plugging into the APEX mail queue, but unfortunately the APEX_MAIL_QUEUE is only a VIEW over a complex storage that separates emails for users in different workspaces and we couldn't find any documentation how is that implemented.

  • j_schuster OP 1.7 years ago

    @asp We are using your solution, can you create internal tables that have the same structure like these two views WWV_FLOW_USER_MAIL_QUEUE, WWV_FLOW_USER_MAIL_LOG and fill them with the data in your package? 

    If there is no queue in your solution but you send everything right away we don't need WWV_FLOW_USER_MAIL_QUEUE but you can create a table / view that's called something like didi_apex_mail_log, same column names and structure and fill it with the same information apex_mail does, then we can union apex_mail_log and did_apex_mail_log to show the users which mails where actually sent?

  • asp OP 1.6 years ago

    @j_schuster Thank you for the feedback Juergen. We have released a new version with support for logging email sending status similar to APEX_MAIL_LOG. You can check the documentation here: https://didisoft.com/ora-rsa/tutorial/apex-mail-smime/#log

  • j_schuster OP 1.6 years ago

    @asp Awesome, great support, we use this package successfully, highly recommended. I'll let you know if it works ✌️

  • georgy.beregovy OP 1.2 years ago

    DSC would appreciate having this implemented