Mask APEX Pages completely

abdo20898 Public · Feb 20 2024

Idea Summary
I would like to have a feature in addition to the Friendly URL feature that masks the APEX page URLs completely. So as a user, I can't be able to understand the URL logic, For ex: a page item called P1_ID=200 or SESSION=1111111

Use Case
Hide the URL parameters to add more security layers to the application to prevent any type of advanced SQL injection and have your application fit the OWASP requirements.

Preferred Solution (Optional)
Using either a pre-defined function provided by APEX or a Custom Function that the user could design and build. Basically to encrypt any type of URL parameters into something only the server side could decrypt. (it doesn't need to be a very complex method) .

We reviewed this idea carefully, and while it was interesting, we concluded that due to all the internal implications we need to take into account, it is unlikely to make its way into APEX.

Comments

jayson hanes Admin OP 2.1 years ago

Can you elaborate on why this would be desirable? If there are sensitive parameters in the URL I'd say that the developer needs to consider a better approach to page navigation such as branching.

2 Voters

Mask APEX Pages completely

Feature

Comments

Comments