Hi,

We are using On-Demand Pagination for our HTML report outputs and few reports in PDF.

WebFOCUS generates below URL as it changes the URL due to redirection.

https://webserver/ibi_apps/WFS....htm&vcp_need_close=

I tried with IBIWF_redirect to LEN - but still it creates redirection URL..
Also tried to change EXPIRE_REPORTS and _TempFileTimeout to 1. But with that pagination was not working as expected.

When a different user access this URL, he is able to see the HTML report output.
But we need this to be avoided. Please let us know if this can be achieved.

Version: WF 8005(both server/client)

Thanks,
Ram

This message has been edited. Last edited by: Ram Prasad E,

Hi,

I found REDIRECT_COOKIE until 7705 to solve this issue. But in WF 8, I do not see any setting of this functionality.

I tried with both IBIWF_redirect=NEVER and IBIWF_redirect=LEN. But when I share the URL of PDF/HTML report and other user was able to see those reports from server cache.


Thanks,
Ram

Hi Ram,

I found one reference to REDIRECT_COOKIE in the WebFOCUS Security and Administration Manual Release 8.0 Version 05 which says "You should set WF_ENCRYPT_USER to YES and set REDIRECT_COOKIE to ON so that all cookies are encrypted." I also see #REDIRECT_COOKIE=ON
in the WebFOCUS 8 cgivars.wfs file, but I don't see this as a configurable option.

Since it's difficult to diagnose a security issue like this in a forum like this, would you please open a case on InfoResponse Online so that one of our WebFOCUS 8 security specialists can review this?

Thanks and regards,

Kathryn

Hi Kathryn,

Thanks for sharing the details. I have raised a case for this issue.

-Ram