May 17, 2007, 11:59 AM
shealy_lfoIs it possible to hide URL
We are working on producing an external reporting application for our clients. We prefer not to display the URL on the report output. The dashboard interface itself has a masked URL, but is it possible to hide the URL on the actual report WFServlet output?
Also, is there a way to control the 'View Source' option on a right click so the WebFOCUS code and query is not visible?
May 17, 2007, 12:25 PM
Francis MarianiHide URL:
You can hide part of the report's URL by making the action of the form creating the report "POST" instead of "GET".
Disabling right-click:
https://forums.informationbuilders.com/eve/forums/a/tpc/...971093951#1971093951Disabling URL on Print:
https://forums.informationbuilders.com/eve/forums/a/tpc/...601079681#1601079681 Francis
Give me code, or give me retirement. In FOCUS since 1991
Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
May 17, 2007, 12:32 PM
Alan BThe URL shown is dependent upon how the query is sent. Using a URL link or a form with an action of GET will not hide the URL. Using a query from a form with an action of POST will not show the URL in the address bar.
However, users can see, from view source, the form and it's action, and it doesn't take a genius to work out a URL from that.
There are plenty of js examples around, search google (I notice Francis has posted a couple of links while I've been writing this), to try and prevent the right click, but in fact that does not prevent the users viewing the page source. I used to worry about it a bit, but now do not. I have tightened security so that a request has to come through the correct channels, not a URL or a from a form on another domain.
The WebFOCUS code used to create a query should never be visible in the source anyway, it would only be there with an ECHO, and you can SET MSG=OFF as well.
One approach is to ensure that you have a secure site, that you ensure nothing can run without passing through a security check, that each user only sees the data they are meant to, basically plug all the holes that the internet provides.
It would be wrong to say it is easy, it's not. And you have to determine who you are trying to stop getting access to the systems and data.
Essential reading is the security and administration manual to help understand what you can achieve from the WebFOCUS side. Remember that security is only as tight as the PostIt note on a screen.
