Focal Point
How to integrate with ASP pages?

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/1561067331

October 30, 2003, 08:31 PM
<Nailesh>
How to integrate with ASP pages?
Hi,
How to integrate fex files with ASP pages?
I am using frames to execute fex files. But this is not secure enough. The user can get the URL of the fex file (by right-clicking on the frame) and can get access to it without logging in to the application. Is there a better way to integrate it?
Is there any manual available from IBI on how to integrate with other applications?

Any help would be greatly appreciated.

Thanks,
Nailesh.
November 21, 2003, 02:14 PM
SecWiz
CGI or Servlet???
If it is servlet based, you could use role-based security to secure the URL.
If you are using the CGI, you could use web-based security to protect the alias.
Another option would be to use the WebFOCUS callable exit and programmatically reject the request based on criteria you set.
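Added example, not part of the original thread and not any poster's or vendor's code: a server-side gate of the kind suggested above, which refuses a request for the report URL unless it carries a valid session with the required role, so knowing the URL alone gains nothing. The cookie name `sid`, the role name, the in-memory session store and the function names are assumptions for illustration; the gate is assumed to sit in front of the report engine so that every request reaching it is checked.

```javascript
// Added example (hypothetical names throughout): default-deny gate for a report URL.
const { randomBytes } = require("crypto");

const SESSION_TTL_MS = 20 * 60 * 1000;   // assumed idle limit
const sessions = new Map();              // session id -> { user, roles, expires }

// Called by the application's login page after the user has authenticated.
function createSession(user, roles, now = Date.now()) {
  const id = randomBytes(32).toString("hex");   // unguessable identifier
  sessions.set(id, { user, roles: new Set(roles), expires: now + SESSION_TTL_MS });
  return id;
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: "1", b: "2" }
function parseCookies(header = "") {
  const out = Object.create(null);
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Decide on the server whether the request may be passed on to the report engine.
// 401 = no usable session (direct URL access), 403 = logged in but not entitled.
function authorize(req, requiredRole, now = Date.now()) {
  const sid = parseCookies(req.headers.cookie).sid;
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) return { status: 401, reason: "no valid session" };
  if (session.expires <= now) {
    sessions.delete(sid);                // expired sessions are dropped, not reused
    return { status: 401, reason: "session expired" };
  }
  if (!session.roles.has(requiredRole)) return { status: 403, reason: "role missing" };
  return { status: 200, reason: "authorized", user: session.user };
}
```

Because the decision is made before the report runs, it holds whether or not the browser executes any script.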
December 03, 2003, 01:46 PM
Bob Jude Ferrante
I hear you there... the fact that the browser supports "view source" and allows users to see URLs in the status bar when a drilldown is hovered can be a problem for security-minded sites. What's more, any ASP or Web application has this problem - it's really a problem of the browser!

The good news is you can suppress the user's ability to right-click on the window for any given page without jumping through too many hoops... although you do need to be somewhat comfortable with browser scripting.

There are JavaScript functions that run in every browser version and which let you suppress support for a user right-click on the browser window and for the URL display on a hover. Easiest way to suppress hover display is to disable the status bar; this can be done with a security policy for Internet Explorer.

Here is a sample script that allows right mouse click suppression. You can place it in the ASP file that contains a WebFOCUS report and it will prevent the user from using right-click to view properties of a hyperlink or even using right-click to download stuff from your app (like images).

Note that due to limitations in this posting forum, I had to mangle a few commands - remove "DELETE#" from those commands and replace them with, respectively, the letter S for script and the letter O for the last three.

<DELETE#cript language="JavaScript1.2">
<!--
// Netscape-style event model: route mouse-up events to the document
if (window.Event)
    document.captureEvents(Event.MOUSEUP);

// Cancel the context menu (Internet Explorer event model)
function nocontextmenu() {
    event.cancelBubble = true;
    event.returnValue = false;

    return false;
}

// Swallow middle- and right-button clicks in either event model
function norightclick(e) {
    if (window.Event) {
        if (e.which == 2 || e.which == 3) return false;
    }
    else if (event.button == 2 || event.button == 3) {
        event.cancelBubble = true;
        event.returnValue = false;
        return false;
    }
}

// Netscape 4 layers: also capture mouse-down events
if (document.layers)
    document.captureEvents(Event.MOUSEDOWN);

// Install the handlers on the document
document.DELETE#ncontextmenu = nocontextmenu;
document.DELETE#nmousedown = norightclick;
document.DELETE#nmouseup = norightclick;
//--></script>

Hope this helps!!!
December 08, 2003, 12:39 PM
<dcroxton>
quote:
Originally posted by Bob Jude Ferrante:
...
The good news is you can suppress the user's ability to right-click on the window for any given page without jumping through too many hoops... although you do need to be somewhat comfortable with browser scripting.

There are JavaScript functions that run in every browser version and which let you suppress support for a user right-click on the browser window and for the URL display on a hover.

This is not very good security either, since all the user has to do is turn off JavaScript to get around it. Admittedly, most users won't know about this, but then, you're not worried about most users.
December 09, 2003, 08:40 PM
arthil21
Can this same code be used in a .htm file? I can't seem to get it to work. Thanks.
December 10, 2003, 05:58 PM
Bob Jude Ferrante
Friends--
I've actually found an even easier way to do this. Just add the event code

onContextMenuDelete="return false"

inside the BODY tag.

A very simple wisp of code which completely disables the right-click menu in Internet Explorer. Even easier to implement than the more lengthy JavaScript function method I previously provided. Remember to take out the word "Delete" from the above code before using it.