[SOLVED]Encrypting parameters passed to focex

Hi,
I am newbie to WebFOCUS.. a Java Developer trying to integrate WebFOCUS reporting into our existing application.

We have a requirement to obfuscate the URL parameters when calling a focex from our web application. Does WebFOCUS have the capability to receive an encrypted token ( Using Triple DES or AES.. etc) and decrypt it to get the list of parameters before calling the procedure?

Any help or pointers to where I can get this information is much appreciated.

Thx

Sri

This message has been edited. Last edited by: Srihari,

Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF

Posts: 4 | Registered: March 22, 2011

Francis Mariani

Expert

posted

Hide Post

If your Web application uses a form, and the action is POST, the parameters are not sent in the URL. If this is too simplistic an answer for a Java developer, I apologize.

Francis

Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server

Posts: 10577 | Location: Toronto, Ontario, Canada | Registered: April 27, 2005

Ignored post by Francis Mariani posted

Show Post

Srihari

Member

posted

Hide Post

I should have been clear. No we do not want the parameters to be sent in clear text on a POST as well. We are planning to use POST.

Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF

Posts: 4 | Registered: March 22, 2011

Ignored post by Srihari posted

Show Post

<JG>

posted

Got to ask, Why not post?

Using post as opposed to get remove URL length and hence parameter restrictions

dhagen

Virtuoso

posted

Hide Post

What about just using SSL, then you just have to implement WF under HTTPS.

If that is not desirable, then you can develop an WF plugin in Java to decrypt them yourself ... or use a filter. Look in your doc for building a web focus plugin (ibi.webfoc.WFEXTDefault).

"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott

Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004

Ignored post by dhagen posted

Show Post

Srihari

Member

posted

Hide Post

Thanks for your suggestions. We are using HTTPS.
I will look into the web focus plugin /filter idea.

Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF

Posts: 4 | Registered: March 22, 2011

Ignored post by Srihari posted

Show Post

dhagen

Virtuoso

posted

Hide Post

OK, I'm lost here. If you are using SSL, then everything is already encrypted on the wire. Why do you want to encrypt it further?

"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott

Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004

Ignored post by dhagen posted

Show Post

Srihari

Member

posted

Hide Post

Our information security rules do not allow for data to be sent without encryption from one Web application to another.

It prevents users of the App from accessing data that is not appropriate for their role. They can potentially manipulate the data even if it POST.

Note that the WebFocus reporting application is not a self service tool. We are going to call the reports from an existing Web App.

Version: WebFOCUS 761
OS: Windows
Output formats: HTML, Active Reports, PDF

Posts: 4 | Registered: March 22, 2011

Ignored post by Srihari posted

Show Post

Please Wait. Your request is being processed...

Read-Only Topic

Focal Point

Focal Point Forums

WebFOCUS/FOCUS Forum on Focal Point

[SOLVED]Encrypting parameters passed to focex

Focal Point | Privacy Statement | Terms of Service