Focal Point
[CLOSED] Secure WebFOCUS reports using the business website.

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/8767057906

September 15, 2011, 02:17 AM
MrM
[CLOSED] Secure WebFOCUS reports using the business website.
We want to allow our customers to call their own WebFOCUS reports thru the business website, but we think that it is not secured.
This because it is based on URL with parameters like customer number. If someone picks this up and changes the customer number he
can see information from another customer.
Is there a way to make this secure.

This message has been edited. Last edited by: Kerry,
September 15, 2011, 05:48 AM
<JJI>
You could create a DB table that contains the login name and the customer number. Then you can check if the login and customer number provided by the customer is a valid combination. Only then you run the request.
September 15, 2011, 08:24 AM
MrM
Thanks for replying, but what if there is a drilldown in the report? A drilldown is also based on a querystring.
September 15, 2011, 05:30 PM
Waz
You will need to change your reports to use javascript, and use the POST method. This hides the parameters of the URL.

There are nay other things that can be done to secure the reports. depends on how far you want to go.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.07OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!