⚠️ This content was written in 2015. Since that time, some best practices have been updated including running ORDS in standalone mode and referencing Application Express as APEX.
In my recent travels, I have encountered some individuals who ask what I do. I have been working on my elevator pitch, and it is harder than I imagined. When I mention that I have a long history with Oracle APEX, I am often greeted with the question….
Q: What is Oracle Application Express (APEX)?
Short Answer:
Oracle Application Express is a feature of the Oracle database that enables declarative rapid application development using a combination of Oracle database features and web technology.
Long Answer:
APEX is a web based application development framework. It requires an Oracle database to host APEX and can leverage all the features of the Oracle database. The applications are developed using the database, so it has all of the speed, redundancy, backup and reliability of the Oracle database. APEX has been designed to allow applications to be developed declaratively with the option for extensions and custom code development utilizing PL/SQL and any browser based technology. This allows a low barrier for entry as well as potential for advanced development.
Q: Is Oracle Application Express Supported by Oracle?
Short Answer:
Yes.
Long Answer:
From the Director of Software Development for Oracle APEX
Why might some people believe that APEX is not supported? Maybe because there are notes about unsupported or undesirable ways to run APEX. This does not mean that every implementation is unsupported.
A perfect analogy is Oracle XE.
XE is provided for entry level usage of the Oracle Database, including APEX. But it is not supported by Oracle Support. Instead: “Support is provided through a free Oracle Discussion Forum monitored by Oracle employees as well as community experts.” Does this mean that the all Oracle Databases are not supported? Of course not. Code or applications designed in a XE database can be migrated to comparable versions of “supported” instances.
Q: What is APEX used for?
Short Answer:
Web based applications that leverage Oracle Database data.
Long Answer:
APEX excels at applications that are transacting, reporting and analyzing data. Many business have created full custom application environments. Some simply use APEX for RICE components. (Reports Interfaces Customizations Extensions) It can be used for many purposes. APEX does not fit all software development needs, but if the primary purpose is to interface with Oracle data, it is a serious option.
Q: Why should a business consider using APEX?
Short Answer:
Speed, maximum return on investment in the Oracle Database and utilization of PL/SQL skilled resources.
Long Answer:
APEX is based on the database. If you have skills in the database tools (SQL, PL/SQL, API, etc), reuse in APEX applications is very high. The effort of making APEX declarative caters to individuals strong in SQL and PL/SQL. The amount of time required for APEX to from a table of data to a working application is faster than any other software platform available. As needs and skills in web technologies (HTML, CSS, JS, Jquery, etc) improve, so can the complexity of the APEX applications developed.
Q: Do I need a web server to run APEX?
Short Answer:
Technically no, but you should use one for serious work.
Long Answer:
Oracle APEX has 3 2 major connection setups:
Oracle Restful Data Services (ORDS) (formerly APEX listener)
ORDS is a Java application that allows connection to the Oracle database through JDBC. It was originally designed as a Java replacement for mod_plsql, but has grown into its own tool that allows easy and effective data delivery through Rest style communication. It is not limited to APEX, but is currently the primary implementation for APEX.
ORDS can be run in standalone mode or as an application on an existing J2EE application server. When run in standalone mode, the Java application will run resident in the current session and respond to HTTP calls. When installed into a web server (WebLogic, GlassFish, Apache Tomcat are documented), the full features of the web server can be used for authentication, security and SSL. Web servers, as with Oracle Database, have features that can be leveraged and should be used to their fullest extent in order to gain the greatest value from that investment.
Embedded Pl/SQL Gateway (EPG)
The Oracle database has the ability to respond to HTTP and FTP requests. This means you can run APEX without using a web server! It is a neat technology, and works in a pinch. Just because you can, doesn’t mean you want to. When you use your database as a web server, every call is a resource usage on the database. This includes image files, JavaScript, CSS and the like. These are the types of requests that web servers are built to handle. Web traffic hosting from the database may make DBA types nervous.
#### Apache mod_plsql
This is a method of web server to database connection that has a lot of legacy in the eBusiness Suite. It is a modification loaded into the Apache web server. This is still a supported method. Many of the features have been duplicated and superseded by the functionality in the ORDS tool. The configuration and implementation is different, but the functionality is the same.
Q: Which APEX setup should I use?
Short Answer:
Depends on your use case, but ORDS installed into a J2EE web server is the recommended approach.
Long Answer:
Analogous to this would be the question: What is the best way to connect to an Oracle Database? SQL*plus, SQL Developer, ODBC, JDBC, OCI, OCCI… It depends on your use case and situation. The web server architecture can be as simple or complex as the business needs. Basic firewall and URL “allow listing” is the easiest way to assure that only configured applications and connections are available to external users. These are features of the respective web server choices.
Q: Is Oracle Application Express Secure?
Short Answer:
Yes.
Long Answer:
There is a book on this topic.
As with any technology or programming language, the level of security or insecurity depends on the people who designed and built the software. The Oracle database is no different from other technologies in this respect. APEX has been designed with security features built in so that security can be implemented in a rapid and declarative way.
APEX applications benefit from security audits and a solid QA process as does any type of software development. This is why utilizing a team of individuals who understand how to develop a secure APEX application in an effective and efficient manner is key to a successful project.