Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Secure WebFOCUS reports using the business website.

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] Secure WebFOCUS reports using the business website.
 Login/Join
 
MrM
Platinum Member
posted
We want to allow our customers to call their own WebFOCUS reports thru the business website, but we think that it is not secured.
This because it is based on URL with parameters like customer number. If someone picks this up and changes the customer number he
can see information from another customer.
Is there a way to make this secure.

This message has been edited. Last edited by: Kerry,
 
Posts: 103 | Registered: March 18, 2008Report This Post
<JJI>
posted
You could create a DB table that contains the login name and the customer number. Then you can check if the login and customer number provided by the customer is a valid combination. Only then you run the request.
 
Report This Post
MrM
Platinum Member
posted Hide Post
Thanks for replying, but what if there is a drilldown in the report? A drilldown is also based on a querystring.
 
Posts: 103 | Registered: March 18, 2008Report This Post
Waz
Expert
posted Hide Post
You will need to change your reports to use javascript, and use the POST method. This hides the parameters of the URL.

There are nay other things that can be done to secure the reports. depends on how far you want to go.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.07OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!

 
Posts: 6347 | Location: 33°49'23.0"S, 151°11'41.0"E | Registered: October 31, 2006Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Secure WebFOCUS reports using the business website.

Copyright © 1996-2020 Information Builders