On Oracle Reports and Forms calls, for security reasons, Reports user should not see the Oracle Reports URL with Userid and Password parameters.
We use "manual" Reports calls out of Forms. So we just create the URL string and open this url with web.show_document().
Because Oracle Reports uses the GET method (instead of the POST method) to pass parameters, all parameters are visible to the user within the URL (....&userid=xxx/xxxx@xxxx)
Wo when using Oracle Reports and Forms direct URL calls, I suggest to use to two steps to secure it up:
We're using Oracle Forms source control outside of Forms. Currently we're very happy with our VSS setup. So we are using Microsoft's Visual Source Safe for Oracle Forms Source Control.
Generating *.fmb files out of Oracle Designer, we do a check in of fmb files after generation.
Also there's a possibility to use ANT for SQL and fmb Forms deployment. Using VSS as Oracle Forms source control software, ANT can also check out specific fmb versions to deploy.
At the moment, some peole thing about migrating our Oracle Forms source control software from VSS to something new like SVN (Subversion). But this would be a major change on our developement approach. Currently, the developers were used to VSS with its pessimistic locking mechanism. New version control tools as Subversion are using optimistic locking instead. What's the difference?
New BLOG with informations about Load Balancing and Routers found today.
Interesting, I'm using myself an apache as a load balancer for some oracle forms services. We also use load balancing routers for our XML Gateway, it's a Layer 7 (L7) component. Very good hardware, but kind of expensive. I think it's only for professional purposes. I don't see a usage for small business.
What about "the cloud" - could this be implemented within Amazon's or Google's cloud applications? how much would it cost to run it there.
I'll do some further investigations on load balancing routers within the clound ...